Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Possible attack attempt on server?

Featured Replies

Good morning,

I was looking at my server's logs this morning and I think I found someone was trying to break in.

Can someone give me some help interpreting this? Should I be worried? 

Diagnostics attached.

 gibson-diagnostics-20220206-1015.zip

30 minutes ago, urbanracer34 said:

I was looking at my server's logs this morning and I think I found someone was trying to break in.

I guess you are talking about this :

Feb  5 19:08:39 GIBSON nginx: 2022/02/05 19:08:39 [crit] 9544#9544: *8702755 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 167.248.133.61, server: 0.0.0.0:443

 

Is your server open to the Internet ?

  • Author

Yes my server is open to the internet on a few ports. 

 

I have "my servers" open on one port (which is I think the problem as the port is 443 but it is only accessible though another port, not direct.)  The only others are plex and rtorrent. 

  • Author

So they are scanning the web and have been marked as abusive. Is this log entry a one time fluke or should I change some settings.

Edited by urbanracer34

  • 1 year later...

Do I need to be concerend here? I ahve found three of these attempts in my logs the past 24 hours. "Feb 11 06:50:40 rhino9094 nginx: 2023/02/11 06:50:40 [crit] 6828#6828: *658370 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.117, server: 0.0.0.0:443" I have a complex root password and my server is only accessible via MyServers ported through another 4 digit port to [IP Address]:443 and via Plex. It doesnpt look like they were successful, but I find it intersting that one of them occurred about the same time my Docker froze/stopped working and I had to reboot. AbuseIPDB says the IP address is from a bad actor in China. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.