June 1, 2021
Good morning. I am hoping someone can help me as I am not that technically minded, but I have in the last couple of days got email warnings to say possible hack attempts. I am not sure where it is coming from or how or on any port. I have changed the password on my router, on Unraid and anything else I can think of. Can anyone point me in the right direction as to what else I need to do or see where this is coming from, please? I have attached a few screenshots of the syslog if that helps.
June 1, 20215 yr Author I do have a laptop and a desktop and the name on the desktop pc is Desktop-PC. it is not called Desktop-PC-2, which i thought was a bit odd. Also, as I know the password to the server, I would not have got it wrong 17 or 18 times. Any further thoughts as I have today checked the desktop for viruses using AVG and any malicious malware using Malwarebytes and both show as clean on Desktop-PC thanks in advance.
June 2, 2021 Author
No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex and that is only to a few family members, and I also have some security IP cameras but these are not even connected to Unraid, but are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else. Thanks for your help.
June 2, 2021
First thing to do is to convert the name back to an IP address. You can do this with:
nslookup DESKTOP-PC-2.local
Now look for the device on your network with that IP address.
Edited June 2, 2021 by remotevisitor
June 2, 2021
4 hours ago, russ2021 said:
> No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex and that is only to a few family members, and I also have some security IP cameras but these are not even connected to Unraid, but are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else. Thanks for your help.

If you have wifi enabled in your main router with wpa/wpa2/wep, check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods... but this is another story. If the wifi is on the same network as the wired network, an external attacker from wifi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webgui password).
June 2, 2021 Author
Doesn't seem to show any information when I put this into a command prompt. See below.
June 2, 2021
Who is 192.168.10.10? The device logged in some time after the failed attempts.
Edited June 2, 2021 by ghost82
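Added example, not part of any post in this thread: one way to check the observation above, that a successful login followed the failed attempts, by counting failures per source and pairing each failing source with any source that logged in shortly afterwards. The log lines are constructed and their layout, the `Tower` host name, the 10-minute window and the address 192.168.10.25 are assumptions; only DESKTOP-PC-2.local and 192.168.10.10 come from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The layout is an assumption, not copied from the
# poster's screenshots; adjust LINE_RE to whatever your own syslog contains.
SAMPLE_SYSLOG = """\
Jun  1 07:12:03 Tower login: failed user=root src=DESKTOP-PC-2.local
Jun  1 07:12:05 Tower login: failed user=root src=DESKTOP-PC-2.local
Jun  1 07:12:09 Tower login: failed user=unknown src=DESKTOP-PC-2.local
Jun  1 07:14:40 Tower login: success user=root src=192.168.10.10
Jun  1 19:30:00 Tower login: success user=root src=192.168.10.25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ login: "
    r"(?P<result>failed|success) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(text, year=2021):
    """Return (timestamp, result, user, source) for each recognised line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other layout are skipped; syslog omits the year
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return events

def failed_by_source(events):
    """Count failed attempts per source and collect the usernames tried."""
    summary = defaultdict(lambda: {"count": 0, "users": set()})
    for _, result, user, src in events:
        if result == "failed":
            summary[src]["count"] += 1
            summary[src]["users"].add(user)
    return dict(summary)

def success_after_failures(events, window=timedelta(minutes=10)):
    """Pair each failing source with any source that logged in successfully
    within `window` afterwards: a lead for matching a name to an address."""
    failures = [(ts, src) for ts, res, _, src in events if res == "failed"]
    successes = [(ts, src) for ts, res, _, src in events if res == "success"]
    return {(f_src, s_src) for f_ts, f_src in failures for s_ts, s_src in successes
            if timedelta(0) <= s_ts - f_ts <= window}

if __name__ == "__main__":
    events = parse(SAMPLE_SYSLOG)
    print(failed_by_source(events))
    print(success_after_failures(events))
```

A pair returned by `success_after_failures` is only a lead: the name still has to be matched to a device, for example against the router's list of connected clients.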
June 2, 2021 Author
1 minute ago, ghost82 said:
> If you have wifi enabled in your main router with wpa/wpa2/wep, check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods... but this is another story. If the wifi is on the same network as the wired network, an external attacker from wifi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webgui password).

Thanks for this. I have a Virgin Media hub, but not sure in the router page/wifi statistics what I am looking for. My router wifi is on the same network and below are the current settings. Thanks.
June 2, 2021 Author
1 minute ago, ghost82 said:
> Who is 192.168.10.10? The device logged in as soon after the failed attempts

192.168.10.10 is the main DESKTOP-PC as below, but it has never been called DESKTOP-PC-2.
June 2, 2021
5 minutes ago, russ2021 said:
> but not sure in the router page/wifi statistics what I am looking for.

Usually in the statistics page there is a list of MAC addresses of connected devices. Something like this:
From there you can see my wifi receiver has 2 clients connected, who can be identified with their MAC address. You are in the wrong page; that is the security settings of your wifi.
June 2, 2021
49 minutes ago, russ2021 said:
> Doesn't seem to show any information when I put this into a command prompt.

Try with ping:
ping DESKTOP-PC-2.local
nslookup "can fail" because of the DNS, see my example where I have configured Google DNS.
Edited June 2, 2021 by ghost82
June 2, 2021 Author
5 hours ago, ghost82 said:
> Try with ping:
> ping DESKTOP-PC-2.local
> nslookup "can fail" because of the DNS, see my example where I have configured Google DNS.

No, ping not finding anything. This is very weird.
June 2, 2021
You don’t happen to run any VMs on your Desktop? They might be given the name of the host with the numeric postfix.
June 3, 2021 Author
13 hours ago, remotevisitor said:
> You don’t happen to run any VMs on your Desktop? They might be given the name of the host with the numeric postfix.

No, sorry, I don't run any VMs.
June 3, 2021 Author
6 hours ago, ChatNoir said:
> Or several sessions open on the same computer?

No, this is usually in standby mode as I tend to use my laptop more, so no multiple sessions that I know of.
June 3, 2021 Author
6 hours ago, jonathanm said:
> Is the issue ongoing, or are you just trying to analyze this specific instance?

No, I don't think so. I still get the daily email, but I guess I will until I click ignore error, which I don't want to until I get to the bottom of it.
June 4, 2021
6 hours ago, russ2021 said:
> I still get the daily email, but I guess I will until I click ignore error

Better to reboot since it is just seeing those in syslog and syslog will reset on reboot. Then if it happens again you will know. If instead you ignore it then you won't know.
June 6, 2021 Author
Thanks all. However, I changed all passwords, on everything from the router, the root to Unraid, all the wifi passwords, and got the below alert this morning. I am at a loss now what to do. I have scanned the desktop PC with antivirus as well as Malwarebytes and nothing found.
June 6, 2021
27 minutes ago, russ2021 said:
> and got the below alert this morning

Some antivirus, especially those with "internet smart protection", may cause these alerts.
June 6, 2021 Author
2 hours ago, ghost82 said:
> Some antivirus, especially those with "internet smart protection", may cause these alerts.

But why would antivirus be trying to access "root" and "unknown" from my desktop PC? Just seems odd. I am currently in the middle of factory resetting the desktop PC, then we will see if it keeps happening. Pretty drastic I know, but I have a backup of any documents.
Archived
This topic is now archived and is closed to further replies.