Failed login attemps

[2Piececombo]

On two separate days recently, there were many failed login attempts, 34 and 19. I've checked syslog and im not seeing any records of failed logins on those days. I cant be sure, but it could have been me trying to access my servers smb hare remotely via VPN on my phone. I used an app called Solid Explorer. Sometimes it connects fine, sometimes not. I do remember trying it a bunch of times, possibly on one of those days, and it never connecting. I ended up deleting the saved connection from the app and re-creating it, which did let me connect. 

My question is, where should I be looking to find details about these failed logins since syslog shows nothing. The exact message I get from Fix Common problems is: 

Quote

On Nov 6 there were 34 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your routers DMZ, or improperly forwarding ports.

 

 

Cheers

[Squid]

The syslog will detail all the failed attempts, and is what is parsed by FCP to come up with the error

[trurl]

24 minutes ago, 2Piececombo said:

VPN on my phone. I used an app called Solid Explorer

Why not just use WireGuard?

[2Piececombo]

ive got openvpn setup on my firewall (pfsense) and use the openvpn app on my phone/laptop to connect.

 

Also I found the failed logins. Like an idiot I was looking at the wrong month. My roommate has some antminers running in our garage and the IPs from the failed login attempts match those IPs. I will address this immediately.