nomisco Posted January 26 Share Posted January 26 I've just seen this in my log. Never seen anything like this before. Is this someone trying to gain access to my server? Anything I should worry about? Jan 26 15:43:38 unRAID nginx: 2023/01/26 15:43:38 [crit] 24956#24956: *1977125 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 152.32.141.142, server: 0.0.0.0:443 That IP address is from Nigeria. Thanks Quote Link to comment
trurl Posted January 26 Share Posted January 26 https://www.abuseipdb.com/check/152.32.141.142 Probably more than that happening. Have you put your server on the internet? attach diagnostics to your NEXT post in this thread. Quote Link to comment
nomisco Posted January 26 Author Share Posted January 26 Haven't done anything as far as I know. The password is long and not the kind you could guess. unraid-diagnostics-20230126-1719.zip Quote Link to comment
ljm42 Posted January 26 Share Posted January 26 If you are using My Servers Remote Access, change the WAN port. You want something random between 1000 and 65000, see https://wiki.unraid.net/My_Servers#Configuring_Remote_Access_.28optional.29 Quote Link to comment
trurl Posted January 26 Share Posted January 26 12 minutes ago, nomisco said: The password is long and not the kind you could guess. No good reason to rely on that. Nothing outside your LAN should be able to access your server except specific ports you have setup and secured for that purpose. Quote Link to comment
trurl Posted January 26 Share Posted January 26 Jan 23 12:04:26 unRAID webGUI: Successful login user root from 79.77.141.131 That one is not in abuseipdb. Do you recognize it? You also have some problems with your pools, probably connection problems with ftp_cache. corruption on pool cache (csum errors). Have you done memtest recently? Quote Link to comment
nomisco Posted January 26 Author Share Posted January 26 (edited) ljm42: Changed the port to something else. trurl: Yes, I do recognise the IP address, that's OK. And I'm aware of the corruption in the cache pool. I don't know if it's a failing SSD or not. No further attempts to access the server. The only things which are forwardded on my router are the Plex server (running on unRAID) and the port aforementioned which I've changed for the WebUI remote access. Edited January 26 by nomisco Quote Link to comment
MrGrey Posted February 18 Share Posted February 18 Old news... Anyone with their own router knows that "bots" search or attack or look or whatever you want to call it. No one can stop "attacks" on the Internet. The Internet was actually created to stop "attacks" from being able to stop it. MrGrey. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.