russ2021 Posted June 1, 2021

Good morning. I am hoping someone can help me as I am not that technically minded, but I have in the last couple of days got email warnings to say possible hack attempts. I am not sure where it is coming from or how or on any port. I have changed the password on my router, on Unraid and anything else I can think of. Can anyone point me in the right direction as to what else I need to do, or see where this is coming from, please? I have attached a few screenshots of the syslog if that helps.

trurl Posted June 1, 2021

A computer on your local network named Desktop-PC-2?

russ2021 Posted June 1, 2021

I do have a laptop and a desktop, and the name on the desktop PC is Desktop-PC. It is not called Desktop-PC-2, which I thought was a bit odd. Also, as I know the password to the server, I would not have got it wrong 17 or 18 times. Any further thoughts? I have today checked the desktop for viruses using AVG and for any malicious malware using Malwarebytes, and both show as clean on Desktop-PC. Thanks in advance.

trurl Posted June 2, 2021

Do you share your LAN with anyone else?

russ2021 Posted June 2, 2021

No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex, and that is only to a few family members. I also have some security IP cameras, but these are not even connected to Unraid; they are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else. Thanks for your help.

remotevisitor Posted June 2, 2021 (edited)

First thing to do is to convert the name back to an IP address. You can do this with:

    nslookup DESKTOP-PC-2.local

Now look for the device on your network with that IP address.

ghost82 Posted June 2, 2021

> 4 hours ago, russ2021 said: No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. The only thing connected to Unraid that is accessible from the outside is Plex, and that is only to a few family members. I also have some security IP cameras, but these are not even connected to Unraid; they are on the local network and I can connect to them via the web. Other than the usual Sky TV and other household items that use the home Wi-Fi, I have nothing else. Thanks for your help.

If you have wifi enabled in your main router with wpa/wpa2/wep, check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods... but this is another story. If the wifi is on the same network as the wired network, an external attacker from wifi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webGUI password).

russ2021 Posted June 2, 2021

Doesn't seem to show any information when I put this into a command prompt. See below.

ghost82 Posted June 2, 2021 (edited)

Who is 192.168.10.10? The device logged in some time after the failed attempts

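Added example, not part of any post in this thread: the pattern ghost82 points at, a login arriving shortly after a run of failed attempts, can be checked mechanically per source. The sample lines are constructed and assume the OpenSSH sshd syslog layout (the thread's own syslog was posted only as screenshots); `triage`, its thresholds and the address 192.168.10.23 are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in OpenSSH sshd layout; the thread's real syslog was only
# posted as screenshots, so service, layout and the .23 address are assumptions.
SAMPLE_SYSLOG = """\
Jun  1 08:12:01 Tower sshd[4321]: Failed password for root from 192.168.10.10 port 50122 ssh2
Jun  1 08:12:04 Tower sshd[4321]: Failed password for invalid user admin from 192.168.10.10 port 50122 ssh2
Jun  1 08:12:09 Tower sshd[4325]: Failed password for root from 192.168.10.10 port 50130 ssh2
Jun  1 08:13:40 Tower sshd[4330]: Failed password for root from 192.168.10.23 port 41000 ssh2
Jun  1 08:20:15 Tower sshd[4340]: Accepted password for root from 192.168.10.10 port 50190 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def triage(text, year=2021, threshold=3, window=timedelta(minutes=30)):
    """Return {source: report} for sources with >= threshold failed logins."""
    failures = defaultdict(list)   # source -> [(time, user), ...]
    accepted = defaultdict(list)   # source -> [time, ...]
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated syslog noise
        # Classic syslog stamps omit the year, so it is supplied by the caller.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Failed":
            failures[m["src"]].append((when, m["user"]))
        else:
            accepted[m["src"]].append(when)
    report = {}
    for src, events in failures.items():
        if len(events) < threshold:
            continue
        last_fail = max(t for t, _ in events)
        # A success soon after a burst of failures is the case worth chasing:
        # either the owner mistyped, or the guessing worked.
        followed = any(last_fail < t <= last_fail + window for t in accepted[src])
        report[src] = {
            "failures": len(events),
            "users": sorted({u for _, u in events}),
            "success_after": followed,
        }
    return report
```

Calling `triage(SAMPLE_SYSLOG)` reports only the source that reached the threshold, with the usernames it tried and whether a successful login followed the last failure within the window.
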
russ2021 Posted June 2, 2021

> 1 minute ago, ghost82 said: If you have wifi enabled in your main router with wpa/wpa2/wep, check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods... but this is another story. If the wifi is on the same network as the wired network, an external attacker from wifi can access the whole local area network, including your Unraid server (but it seems that failed since you have 1 more layer of protection --> the webGUI password).

Thanks for this. I have a Virgin Media hub, but I am not sure what I am looking for in the router page/wifi statistics. My router wifi is on the same network, and below are the current settings. Thanks.

russ2021 Posted June 2, 2021

> 1 minute ago, ghost82 said: Who is 192.168.10.10? The device logged in as soon after the failed attempts

192.168.10.10 is the main DESKTOP-PC as below, but it has never been called DESKTOP-PC-2

ghost82 Posted June 2, 2021

> 5 minutes ago, russ2021 said: but not sure in the router page/wifi statistics what i am looking for..

Usually in the statistics page there is a list of MAC addresses of connected devices. Something like this:

From there you can see my wifi receiver has 2 clients connected, which can be identified by their MAC addresses. You are on the wrong page; that is the security settings of your wifi.

ghost82 Posted June 2, 2021 (edited)

> 49 minutes ago, russ2021 said: Doesn't seem to show any information when i put this into a command prompt.

Try with ping:

    ping DESKTOP-PC-2.local

nslookup "can fail" because of the DNS; see my example where I have configured Google DNS.

russ2021 Posted June 2, 2021

> 5 hours ago, ghost82 said: Try with ping: ping DESKTOP-PC-2.local nslookup "can fail" because of the dns, see my example where I have configured google dns.

No, ping is not finding anything. This is very weird.

remotevisitor Posted June 2, 2021

You don’t happen to run any VMs on your Desktop? They might be given the name of the host with the numeric postfix.

ChatNoir Posted June 3, 2021

Or several sessions open on the same computer?

russ2021 Posted June 3, 2021

> 13 hours ago, remotevisitor said: You don’t happen to run any VMs on your Desktop? They might be given the name of the host with the numeric postfix.

No, sorry, I don't run any VMs.

russ2021 Posted June 3, 2021

> 6 hours ago, ChatNoir said: Or several sessions open on the same computer ?

No, this is usually in standby mode as I tend to use my laptop more, so no multiple sessions that I know of.

JonathanM Posted June 3, 2021

Is the issue ongoing, or are you just trying to analyze this specific instance?

russ2021 Posted June 3, 2021

> 6 hours ago, jonathanm said: Is the issue ongoing, or are you just trying to analyze this specific instance?

No, I don't think so. I still get the daily email, but I guess I will until I click ignore error, which I don't want to until I get to the bottom of it.

trurl Posted June 4, 2021

> 6 hours ago, russ2021 said: I still get the daily email, but I guess I will until I click ignore error

Better to reboot since it is just seeing those in syslog and syslog will reset on reboot. Then if it happens again you will know. If instead you ignore it then you won't know.

russ2021 Posted June 6, 2021

Thanks all. However, I changed all passwords on everything, from the router and the root on Unraid to all the wifi passwords, and got the below alert this morning. I am at a loss now what to do. I have scanned the desktop-pc with anti virus as well as Malwarebytes and nothing was found.

ghost82 Posted June 6, 2021

> 27 minutes ago, russ2021 said: and got the below alert this morning

Some antivirus, especially those with "internet smart protection" may cause these alerts.

russ2021 Posted June 6, 2021

> 2 hours ago, ghost82 said: Some antivirus, especially those with "internet smart protection" may cause these alerts.

But why would anti virus be trying to access "root" and "unknown" from my desktop PC? It just seems odd. I am currently in the middle of factory resetting the desktop PC, then we will see if it keeps happening. Pretty drastic I know, but I have a backup of any documents.

JonathanM Posted June 6, 2021

Example of a device on the network "helpfully?" trying to hack into other devices.