Kevin Marchese Posted February 3, 2022 Share Posted February 3, 2022 Hi, in Jan I got an Unraid message saying "possible hack attempt, 30 invalid log in attempts" I never found any log in attempts in the logs, however on cloudflare I have been getting many queries for my-domain/wp-whatever.php from bots trying to scrap I guess. What is causing concern for me is why would it say 30 invalid log in attempts when there is no such record and could this be just the bots? I doubt it... there is just no logs of anyone but myself trying to log in. Any ideas on why? Could they just be trying to log into a docker Authelia instead? my emby subdomain is the first sub I put behind authelia, and that is the sub domain these bots are hitting. Thank you for any input. Quote Link to comment
Squid Posted February 3, 2022 Share Posted February 3, 2022 There is. FCP gathers that information only from the syslog. Quote Link to comment
Kevin Marchese Posted February 3, 2022 Author Share Posted February 3, 2022 @squid ! thank you for helping my brother with getting fail2ban on CA btw. but sorry there is what? Quote Link to comment
Squid Posted February 3, 2022 Share Posted February 3, 2022 "There is" as a reply to 1 hour ago, Kevin Marchese said: I never found any log in attempts in the logs FCP only gathers that warning from the logs. No where else. Quote Link to comment
Kevin Marchese Posted February 5, 2022 Author Share Posted February 5, 2022 (edited) On 2/3/2022 at 2:10 PM, Squid said: "There is" as a reply to FCP only gathers that warning from the logs. No where else. Thank you @Squid and @trurl for the feedback, it is greatly appreciated, the thing is I don't have any ports open. I did set up an Argo tunnel to CloudFlare mainly because I'm not a security expert and I knew I wasn't gonna be, opening up ports was a deal breaker for me for a while...unless another option became available which it did (argo tunnel, nginx proxy and CF suited well via guided by either IBRACORP or SpaceInvaderone's videos and the benefit was no open ports). So I'm just confused on how an ssh log in attempt was made outside my network when there isn't even a port open to attempt it. So any ideas on how an attempt to ssh in could even be made, considering the set up? Thank you, I know you guys are the wizards who may be able to give hints. Edited February 5, 2022 by Kevin Marchese Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.