November 13, 20214 yr On two separate days recently, there were many failed login attempts, 34 and 19. I've checked syslog and im not seeing any records of failed logins on those days. I cant be sure, but it could have been me trying to access my servers smb hare remotely via VPN on my phone. I used an app called Solid Explorer. Sometimes it connects fine, sometimes not. I do remember trying it a bunch of times, possibly on one of those days, and it never connecting. I ended up deleting the saved connection from the app and re-creating it, which did let me connect. My question is, where should I be looking to find details about these failed logins since syslog shows nothing. The exact message I get from Fix Common problems is: Quote On Nov 6 there were 34 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your routers DMZ, or improperly forwarding ports. Cheers
November 13, 20214 yr The syslog will detail all the failed attempts, and is what is parsed by FCP to come up with the error
November 13, 20214 yr 24 minutes ago, 2Piececombo said: VPN on my phone. I used an app called Solid Explorer Why not just use WireGuard?
November 13, 20214 yr Author ive got openvpn setup on my firewall (pfsense) and use the openvpn app on my phone/laptop to connect. Also I found the failed logins. Like an idiot I was looking at the wrong month. My roommate has some antminers running in our garage and the IPs from the failed login attempts match those IPs. I will address this immediately.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.