Within hours of deploying my new VPS, the attacks started.
I was setting up OpenClaw on a fresh Hetzner server when I noticed something in the auth logs. Automated bots were already hammering my server with login attempts.
The Numbers
Over 3 days, my server logged 19,225 brute-force SSH attempts. Attackers from China, Russia, the Netherlands, and dozens of other countries were trying to break in.
The usernames they tried:
- root (thousands of times)
- admin
- postgres
- oracle
- ubuntu
- testuser
- And hundreds more
Each username came with thousands of password guesses. Dictionary attacks. Common passwords. Variations.
Why This Matters for OpenClaw
When OpenClaw exploded in popularity, security researchers took a closer look. What they found wasn’t pretty:
- Hundreds of exposed instances discovered with open API keys and credentials
- Authentication bypass that gave attackers full access to conversation history
- Telegram tokens and Signal configs found on public servers
- Prompt injection attacks demonstrated in under 5 minutes
Most OpenClaw tutorials teach you how to set it up. They don’t teach you how to not become a headline.
The Basics Most People Skip
If you’re running OpenClaw on a VPS, you need:
- A non-root user - Never run services as root
- SSH key authentication - Disable password login entirely
- Fail2ban - Automatically ban IPs after failed attempts
- A firewall - Block everything except what you need
- Automated backups - Because things go wrong
Since I hardened my server, the attacks have continued. But now they’re hitting a wall:
- Root login? Disabled.
- Password authentication? Disabled.
- Repeated failures? IP banned for 24 hours.
- Firewall? Only port 22 open.
The bots can knock all they want. They’re not getting in.
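One way to confirm the "Disabled" answers above, as an added example that is not from the original post: audit the effective settings printed by `sshd -T` rather than trusting a single config file. The sample text is constructed, and the keyboard-interactive check is an assumption beyond the two settings the post names.

```python
# Added example: audit the effective sshd settings printed by `sshd -T`.
# `sshd -T` resolves Include files and built-in defaults, so it shows what
# the daemon will actually enforce, not just what one file says.

# Effective keyword -> set of values that satisfy the hardening above.
REQUIRED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}
# Keyboard-interactive can still prompt for a password via PAM; the keyword
# was renamed, so accept whichever name this OpenSSH version prints.
KBD_KEYS = ("kbdinteractiveauthentication", "challengeresponseauthentication")

def parse_effective(text):
    """Parse `sshd -T` output ("keyword value ...") into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit(text):
    """Return a list of findings; an empty list means the checks pass."""
    settings = parse_effective(text)
    findings = []
    for key, allowed in REQUIRED.items():
        value = settings.get(key)
        if value not in allowed:
            findings.append(f"{key} is {value!r}, expected one of {sorted(allowed)}")
    kbd = [settings[k] for k in KBD_KEYS if k in settings]
    if not kbd or any(v != "no" for v in kbd):
        findings.append("keyboard-interactive authentication is not disabled")
    return findings

# Constructed sample: a server where passwords are still accepted.
SAMPLE_WEAK = """port 22
permitrootlogin without-password
passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication no
"""
SAMPLE_HARDENED = SAMPLE_WEAK.replace("without-password", "no").replace(
    "passwordauthentication yes", "passwordauthentication no")

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "OK")
```

On a real server, pass it the text produced by running `sshd -T` as root.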
Going Invisible
Want to take it further? Install Tailscale and allow SSH only over its private network. With the public SSH port closed, your server becomes completely invisible to the internet. No more brute-force attempts, because attackers can’t even find you.
My server went from 19,000+ attack attempts to zero. It doesn’t exist on the public internet anymore.
Don’t Be One of the Exposed Instances
Security researchers found hundreds of vulnerable OpenClaw deployments. Don’t be one of them.
Harden your server. Use SSH keys. Enable fail2ban. Consider Tailscale.
Your AI agent deserves better than being someone else’s backdoor.