Error: Possible Hack Attempt


russ2021


Good morning. I am hoping someone can help me as I am not that technically minded, but I have in the last couple of days got email warnings to say possible hack attempts. I am not sure where it is coming from or how or on any port. I have changed the password on my router, on Unraid and anything else I can think of. Can anyone point me in the right direction as to what else I need to do or see where this is coming from, please? I have attached a few screenshots of the syslog if that helps.

syslog1.jpg

syslog2.jpg

syslog3.jpg

Link to comment

I do have a laptop and a desktop, and the name on the desktop PC is Desktop-PC. It is not called Desktop-PC-2, which I thought was a bit odd.

Also, as I know the password to the server, I would not have got it wrong 17 or 18 times.

Any further thoughts, as I have today checked the desktop for viruses using AVG and any malicious malware using Malwarebytes and both show as clean on Desktop-PC?

Thanks in advance.

Link to comment

No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex, and that is only to a few family members, and I also have some security IP cameras, but these are not even connected to Unraid, but are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else.

Thanks for your help.

Link to comment
4 hours ago, russ2021 said:

No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex, and that is only to a few family members, and I also have some security IP cameras, but these are not even connected to Unraid, but are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else.

Thanks for your help.

If you have Wi-Fi enabled in your main router with WPA/WPA2/WEP, check from your router page, in the Wi-Fi statistics, that nobody is stealing your Wi-Fi: it's so easy to crack the WPA/WPA2 Wi-Fi password if it can be found with a dictionary attack, or with other methods... but this is another story.

If the Wi-Fi is on the same network as the wired network, an external attacker from Wi-Fi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webgui password).

Link to comment
1 minute ago, ghost82 said:

If you have Wi-Fi enabled in your main router with WPA/WPA2/WEP, check from your router page, in the Wi-Fi statistics, that nobody is stealing your Wi-Fi: it's so easy to crack the WPA/WPA2 Wi-Fi password if it can be found with a dictionary attack, or with other methods... but this is another story.

If the Wi-Fi is on the same network as the wired network, an external attacker from Wi-Fi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webgui password).

Thanks for this. I have a Virgin Media hub, but not sure in the router page/Wi-Fi statistics what I am looking for.

My router Wi-Fi is on the same network and below are the current settings. Thanks.

Screenshot_2.png

Link to comment
5 minutes ago, russ2021 said:

but not sure in the router page/Wi-Fi statistics what I am looking for.

Usually in the statistics page there is a list of MAC addresses of connected devices:

Something like this:

wifi.thumb.png.a20597aa6dd8826e61eeef442c26a5ad.png

From there you can see my Wi-Fi receiver has 2 clients connected, which can be identified by their MAC addresses.

You are on the wrong page; that is the security settings of your Wi-Fi.

Link to comment
49 minutes ago, russ2021 said:

Doesn't seem to show any information when I put this into a command prompt.

Try with ping:

ping DESKTOP-PC-2.local

nslookup "can fail" because of the DNS; see my example where I have configured Google DNS.

ping.png.5e94825e7861dbeb2539a04f5ffa89c4.png

Edited by ghost82
Link to comment
6 hours ago, jonathanm said:

Is the issue ongoing, or are you just trying to analyze this specific instance? 

No, I don't think so. I still get the daily email, but I guess I will until I click ignore error, which I don't want to until I get to the bottom of it.

Link to comment
6 hours ago, russ2021 said:

I still get the daily email, but I guess I will until I click ignore error

Better to reboot since it is just seeing those in syslog and syslog will reset on reboot. Then if it happens again you will know. If instead you ignore it then you won't know.

Link to comment

Thanks all. However, I changed all passwords, on everything from the router, the root to Unraid, all the Wi-Fi passwords, and got the below alert this morning.

I am at a loss now what to do. I have scanned the Desktop-PC with antivirus as well as Malwarebytes and nothing found.

June 5th.png

Screenshot_5.png

Screenshot_6.png

Screenshot_7.png

Link to comment
2 hours ago, ghost82 said:

Some antivirus, especially those with "internet smart protection" may cause these alerts.

But why would antivirus be trying to access "root" and "unknown" from my desktop PC? Just seems odd. I am currently in the middle of factory resetting the desktop PC, then we will see if it keeps happening. Pretty drastic, I know, but I have a backup of any documents.

Link to comment
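
An added example, not part of any post in this thread: one way to triage the failed logins the thread discusses is to group them by source address and compare each source against the devices the owner recognises. The log line format, the addresses, the `KNOWN_DEVICES` inventory and the function name are assumptions made for illustration; the syslog lines from the screenshots are not reproduced on this page.

```python
import re
from collections import defaultdict

# Assumed line format (not taken from the thread's screenshots):
#   "<Mon> <day> <HH:MM:SS> <host> webGUI: Unsuccessful login user <name> from <ip>"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+webGUI: "
    r"Unsuccessful login user (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample lines; hostnames and addresses are placeholders.
SAMPLE_SYSLOG = """\
Jun  5 03:10:01 Tower webGUI: Unsuccessful login user root from 192.168.0.23
Jun  5 03:10:04 Tower webGUI: Unsuccessful login user root from 192.168.0.23
Jun  5 03:10:09 Tower webGUI: Unsuccessful login user unknown from 192.168.0.23
Jun  5 08:30:15 Tower webGUI: Successful login user root from 192.168.0.10
Jun  5 08:31:40 Tower webGUI: Unsuccessful login user root from 192.168.0.10
"""

# Hypothetical inventory of devices the owner recognises (IP -> name).
KNOWN_DEVICES = {"192.168.0.10": "Desktop-PC"}


def summarise_failed_logins(text, known=KNOWN_DEVICES):
    """Group failed logins by source; report users tried, count and time span."""
    by_src = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines are skipped
        entry = by_src[m["src"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    # Busiest source first; a source missing from the inventory is flagged.
    return [
        {"source": src, "device": known.get(src, "UNRECOGNISED"),
         "count": e["count"], "users": sorted(e["users"]),
         "first": e["first"], "last": e["last"]}
        for src, e in sorted(by_src.items(), key=lambda kv: -kv[1]["count"])
    ]


if __name__ == "__main__":
    for row in summarise_failed_logins(SAMPLE_SYSLOG):
        print(row)
```

A source flagged `UNRECOGNISED` is the one to look up in the router's connected-device list by its address and MAC, as suggested earlier in the thread.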
