SSL_do_handshake() failed, constantly in my logs, which can't be good.


DevXen


So this keeps pulling up. Any way to just block it altogether? It's all different IP addresses.

I'm just not sure what to do here.

 

Sep 26 15:52:15 MediaXen nginx: 2021/09/26 15:52:15 [crit] 16927#16927: *2000343 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 101.100.137.168, server: 0.0.0.0:443
Sep 26 15:54:04 MediaXen nginx: 2021/09/26 15:54:04 [crit] 16927#16927: *2001136 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 15:55:14 MediaXen nginx: 2021/09/26 15:55:14 [crit] 16927#16927: *2001688 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 123.139.75.167, server: 0.0.0.0:443
Sep 26 15:56:01 MediaXen nginx: 2021/09/26 15:56:01 [crit] 16927#16927: *2002034 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 185.200.181.7, server: 0.0.0.0:443
Sep 26 15:56:10 MediaXen nginx: 2021/09/26 15:56:10 [crit] 16927#16927: *2002111 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 62.210.204.20, server: 0.0.0.0:443
Sep 26 15:56:46 MediaXen nginx: 2021/09/26 15:56:46 [crit] 16927#16927: *2002359 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:02:44 MediaXen nginx: 2021/09/26 16:02:44 [crit] 16927#16927: *2005596 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 73.145.57.16, server: 0.0.0.0:443
Sep 26 16:04:11 MediaXen nginx: 2021/09/26 16:04:11 [crit] 16927#16927: *2006280 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 95.217.113.45, server: 0.0.0.0:443
Sep 26 16:07:16 MediaXen nginx: 2021/09/26 16:07:16 [crit] 16927#16927: *2007823 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 72.21.17.57, server: 0.0.0.0:443
Sep 26 16:09:17 MediaXen nginx: 2021/09/26 16:09:17 [crit] 16927#16927: *2008848 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 177.91.249.202, server: 0.0.0.0:443
Sep 26 16:09:55 MediaXen nginx: 2021/09/26 16:09:55 [crit] 16927#16927: *2009197 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 47.145.201.154, server: 0.0.0.0:443
Sep 26 16:10:48 MediaXen nginx: 2021/09/26 16:10:48 [crit] 16927#16927: *2009656 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 177.91.249.202, server: 0.0.0.0:443
Sep 26 16:14:16 MediaXen nginx: 2021/09/26 16:14:16 [crit] 16927#16927: *2011308 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 72.21.17.57, server: 0.0.0.0:443
Sep 26 16:14:17 MediaXen nginx: 2021/09/26 16:14:17 [crit] 16927#16927: *2011318 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:15:05 MediaXen nginx: 2021/09/26 16:15:05 [crit] 16927#16927: *2011690 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:15:37 MediaXen nginx: 2021/09/26 16:15:37 [crit] 16927#16927: *2011954 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 46.42.233.169, server: 0.0.0.0:443
Sep 26 16:15:39 MediaXen nginx: 2021/09/26 16:15:39 [crit] 16927#16927: *2011965 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 94.110.141.162, server: 0.0.0.0:443
Sep 26 16:15:51 MediaXen nginx: 2021/09/26 16:15:51 [crit] 16927#16927: *2012047 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:21:14 MediaXen nginx: 2021/09/26 16:21:14 [crit] 16927#16927: *2014620 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 47.147.35.197, server: 0.0.0.0:443
Sep 26 16:26:30 MediaXen nginx: 2021/09/26 16:26:30 [crit] 16927#16927: *2017115 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 101.100.137.168, server: 0.0.0.0:443
Sep 26 16:30:16 MediaXen nginx: 2021/09/26 16:30:16 [crit] 16927#16927: *2019165 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:33:49 MediaXen nginx: 2021/09/26 16:33:49 [crit] 16927#16927: *2021042 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 101.98.190.49, server: 0.0.0.0:443
Sep 26 16:33:53 MediaXen nginx: 2021/09/26 16:33:53 [crit] 16927#16927: *2021076 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:34:30 MediaXen nginx: 2021/09/26 16:34:30 [crit] 16927#16927: *2021417 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 118.183.147.48, server: 0.0.0.0:443
Sep 26 16:35:05 MediaXen nginx: 2021/09/26 16:35:05 [crit] 16927#16927: *2021695 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 177.91.249.202, server: 0.0.0.0:443
Sep 26 16:35:13 MediaXen nginx: 2021/09/26 16:35:13 [crit] 16927#16927: *2021749 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 177.91.249.202, server: 0.0.0.0:443
Sep 26 16:41:34 MediaXen nginx: 2021/09/26 16:41:34 [crit] 16927#16927: *2024967 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:42:03 MediaXen nginx: 2021/09/26 16:42:03 [crit] 16927#16927: *2025230 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 212.32.244.72, server: 0.0.0.0:443
Sep 26 16:42:10 MediaXen nginx: 2021/09/26 16:42:10 [crit] 16927#16927: *2025303 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 5.79.73.142, server: 0.0.0.0:443
Sep 26 16:43:38 MediaXen nginx: 2021/09/26 16:43:38 [crit] 16927#16927: *2025991 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 107.147.58.114, server: 0.0.0.0:443

 

Edited by DevXen
fixed formatting from console log.
Link to comment
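A way to triage entries like the ones in the post above, added here as an example and not code from anyone in the thread: it tallies handshake failures per client and per OpenSSL error reason, and lists the clients at or above a threshold with their first and last appearance. The sample lines, the documentation-range addresses, and the names `parse_line`, `summarize`, `min_hits` and `_line` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Shape of the nginx error-log entries quoted in the post above.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] .*?"
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]+):"
    r"[^:]*:[^:]*:(?P<reason>[^)]*)\) while SSL handshaking, "
    r"client: (?P<client>[^,\s]+), server:")

def parse_line(line):
    """Return a dict for one handshake-failure entry, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        client = str(ipaddress.ip_address(m["client"]))  # drop non-address junk
    except ValueError:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "client": client, "code": m["code"].upper(), "reason": m["reason"]}

def summarize(lines, min_hits=3):
    """Tally failures per client and per reason; list clients with >= min_hits."""
    per_client, per_reason, seen = Counter(), Counter(), defaultdict(list)
    for e in filter(None, map(parse_line, lines)):
        per_client[e["client"]] += 1
        per_reason[(e["code"], e["reason"])] += 1
        seen[e["client"]].append(e["ts"])
    repeat = [(ip, n, min(seen[ip]), max(seen[ip]))  # ip, hits, first, last seen
              for ip, n in per_client.most_common() if n >= min_hits]
    return per_client, per_reason, repeat

# Constructed sample input: documentation-range addresses, not taken from the post.
def _line(minute, client, code="1408F0C6", reason="packet length too long"):
    return (f"2021/09/26 15:{minute:02d}:00 [crit] 1#1: *{minute} SSL_do_handshake()"
            f" failed (SSL: error:{code}:SSL routines:ssl3_get_record:{reason})"
            f" while SSL handshaking, client: {client}, server: 0.0.0.0:443")
SAMPLE = [
    _line(1, "192.0.2.10"), _line(4, "192.0.2.10"), _line(30, "192.0.2.10"),
    _line(2, "198.51.100.7"), _line(31, "not-an-ip"),  # malformed client is skipped
    _line(9, "203.0.113.5", "1408F10B", "wrong version number"),
    "2021/09/26 15:40:00 [notice] 1#1: signal process started",  # unrelated entry
]

if __name__ == "__main__":
    print(summarize(SAMPLE)[2])
```

To use it on a real log, pass the open file (or any iterable of lines) to `summarize` and adjust `min_hits` to the volume you see.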

Is your server admin interface open to the internet (port forwarded or server in the router DMZ)?

If so, stop that now!

It looks like intrusion attempts that are blocked. I see addresses from China, California, Netherlands, Peru, New Zealand, Kazakhstan, ...

 

https://forums.unraid.net/topic/104669-warning-unraid-servers-exposed-to-the-internet-are-being-hacked/#comments

Link to comment

No. I have OpenVPN and WireGuard, but I also have SWAG/Let's Encrypt set up for a few Docker containers, which is where I would guess it's from. From what I was able to find, I think it's them trying to use an inner SSL exploit to get access. But no, the admin interface isn't accessible over the internet.

Link to comment
