Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Possiable hack attempt message, but nothing in logs under logins?

Featured Replies

Hi,

 

in Jan I got an Unraid message saying "possible hack attempt, 30 invalid log in attempts"  I never found any log in attempts in the logs, however on cloudflare I have been getting many queries for my-domain/wp-whatever.php from bots trying to scrap I guess. What is causing concern for me is why would it say 30 invalid log in attempts when there is no such record and could this be just the bots? I doubt it... there is just no logs of anyone but myself trying to log in. Any ideas on why? Could they just be trying to log into a docker Authelia instead? my emby subdomain is the first sub I put behind authelia, and that is the sub domain these bots are hitting.

 

Thank you for any input. 

There is.  FCP gathers that information only from the syslog.

  • Author

@squid ! thank you for helping my brother with getting fail2ban on CA btw. but sorry there is what?

"There is" as a reply to

1 hour ago, Kevin Marchese said:

I never found any log in attempts in the logs

 

FCP only gathers that warning from the logs.  No where else.

  • Author
On 2/3/2022 at 2:10 PM, Squid said:

"There is" as a reply to

 

FCP only gathers that warning from the logs.  No where else.

Thank you @Squid and @trurl for the feedback, it is greatly appreciated, the thing is I don't have any ports open. I did set up an Argo tunnel to CloudFlare mainly because I'm not a security expert and I knew I wasn't gonna be, opening up ports was a deal breaker for me for a while...unless another option became available which it did (argo tunnel, nginx proxy and CF suited well via guided by either IBRACORP or SpaceInvaderone's videos and the benefit was no open ports). So I'm just confused on how an ssh log in attempt was made outside my network when there isn't even a port open to attempt it. So any ideas on how an attempt to ssh in could even be made, considering the set up? Thank you, I know you guys are the wizards who may be able to give hints.

Edited by Kevin Marchese

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.