OVH Community


Unwanted Vrack traffic from inside OVH


#1

I have all machines attached to the fail-over IP. So they are not connected to the main IP and can’t be reached (I hope) from that IP.
I have enabled the OVH firewall on the fail-over IP too and blocked ssh (22) network traffic.
I thought I was safe but now I noticed a lot of ssh login attempts on 1 of the VMs and when I check the originating IP address they all seem to be OVH IP addresses.
I have enabled the firewall of my own OS on this particular machine, but I don’t understand why this traffic could reach my server(s) in the first place.

Anyone who knows or can explain?


#2

Hi,

OVH firewall is a perimetral firewall. So it can block or allow only connections coming/going from/to the outside of the OVH network perimeter.
If you need to block all the connections, including ones coming from the inside of the perimeter, you’ll need to use a local firewall on your machine(s).

OVH has a really huge network of cloud, vps and bare metal servers so it’s also full of “bad guys”. You can still report brute force attempts to the accountable parts.

My advice is just to use iptables (or ufw, firewalld, etc…).
Bye
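
A host-level ruleset of the kind suggested in the reply above, as an added example that is not part of the original thread. It filters SSH by source address on the machine itself, so it applies to traffic from inside the provider network as well as from outside. The helper name `gen_ssh_rules` is hypothetical and the allow-listed sources are constructed documentation addresses (RFC 5737); the ruleset assumes a VM that does not route traffic for other hosts.

```shell
#!/bin/sh
# Added example: print an IPv4 ruleset in iptables-restore format that
# allows new SSH connections only from an explicit allow-list.
# ADMIN_SOURCES holds constructed placeholder addresses; replace them.
ADMIN_SOURCES="203.0.113.10/32 198.51.100.0/24"

gen_ssh_rules() {
    # $1: space-separated IPv4 addresses or CIDRs allowed to reach port 22.
    # Refuse an empty list: applying it would lock every admin out.
    [ -n "$1" ] || { echo "refusing: empty SSH allow-list" >&2; return 1; }
    # Validate everything before printing anything, so a bad entry
    # never yields a half-written ruleset.
    for src in $1; do
        case "$src" in
            *[!0-9./]*) echo "refusing: bad source '$src'" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $1; do
        echo "-A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of refused SSH attempts; the default DROP policy
    # then discards them whatever network they came from.
    echo "-A INPUT -p tcp --dport 22 -m limit --limit 6/min -j LOG --log-prefix \"ssh-drop: \""
    # Other public services (for example 80/443) need their own ACCEPT
    # lines here, otherwise the DROP policy blocks them too.
    echo "COMMIT"
}

# Parse-check first, then apply (both need root):
#   gen_ssh_rules "$ADMIN_SOURCES" | iptables-restore --test
#   gen_ssh_rules "$ADMIN_SOURCES" | iptables-restore
# IPv6 is filtered separately with ip6tables.
```

Keep an existing SSH session open while applying the rules, so that a wrong allow-list can still be corrected.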


#3

Thank you very much for this quick and good response.
I wasn’t aware of this and it scares me very much. IMHO this should have been written in some help file.
I saw that these hacking attempts only occur on 1 machine, that has to be related to the virtual MAC addresses that I assigned to that machine.


#4

I agree with you. It should be written somewhere.
I know it just because I had the same concern as you about a year ago and I reported it to the customer care via ticket.
Btw, I don’t think it’s related to the virtual MAC (you can always generate a new one), it’s more likely about the IP address. Many IPs are present in hackers’ brute force attack lists.