February 6, 20224 yr Good morning, I was looking at my server's logs this morning and I think I found someone was trying to break in. Can someone give me some help interpreting this? Should I be worried? Diagnostics attached. gibson-diagnostics-20220206-1015.zip
February 6, 20224 yr 30 minutes ago, urbanracer34 said: I was looking at my server's logs this morning and I think I found someone was trying to break in. I guess you are talking about this : Feb 5 19:08:39 GIBSON nginx: 2022/02/05 19:08:39 [crit] 9544#9544: *8702755 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 167.248.133.61, server: 0.0.0.0:443 Is your server open to the Internet ?
February 6, 20224 yr Author Yes my server is open to the internet on a few ports. I have "my servers" open on one port (which is I think the problem as the port is 443 but it is only accessible though another port, not direct.) The only others are plex and rtorrent.
February 6, 20224 yr Author So they are scanning the web and have been marked as abusive. Is this log entry a one time fluke or should I change some settings. Edited February 6, 20224 yr by urbanracer34
February 11, 20233 yr Do I need to be concerend here? I ahve found three of these attempts in my logs the past 24 hours. "Feb 11 06:50:40 rhino9094 nginx: 2023/02/11 06:50:40 [crit] 6828#6828: *658370 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.117, server: 0.0.0.0:443" I have a complex root password and my server is only accessible via MyServers ported through another 4 digit port to [IP Address]:443 and via Plex. It doesnpt look like they were successful, but I find it intersting that one of them occurred about the same time my Docker froze/stopped working and I had to reboot. AbuseIPDB says the IP address is from a bad actor in China.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.