_CJCJ_ Posted September 3, 2023

Hello,

As the title says, my syslog is being spammed 24/7 (literally every ~2s) which quickly fills up my log. It is coming from seemingly random IP addresses. Here's a snippet from it:

    Sep 4 00:20:32 HomeServer sshd[16201]: Connection from 180.101.88.227 port 17867 on 192.168.1.1 port 22 rdomain ""
    Sep 4 00:20:37 HomeServer sshd[16283]: Connection from 218.92.0.29 port 10440 on 192.168.1.1 port 22 rdomain ""
    Sep 4 00:20:38 HomeServer sshd[16283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.29 user=root
    Sep 4 00:20:39 HomeServer sshd[16201]: Failed password for root from 180.101.88.227 port 17867 ssh2
    Sep 4 00:20:40 HomeServer sshd[16283]: Failed password for root from 218.92.0.29 port 10440 ssh2
    Sep 4 00:20:42 HomeServer sshd[16201]: Failed password for root from 180.101.88.227 port 17867 ssh2
    Sep 4 00:20:43 HomeServer sshd[16283]: Failed password for root from 218.92.0.29 port 10440 ssh2
    Sep 4 00:20:44 HomeServer sshd[16201]: Received disconnect from 180.101.88.227 port 17867:11: [preauth]
    Sep 4 00:20:44 HomeServer sshd[16201]: Disconnected from authenticating user root 180.101.88.227 port 17867 [preauth]

I'm 90% sure this is because I have port 22 forwarded on my server (as when I un-portforward that the logs stop) so my friends can transfer some files over (can also be faster to use Filezilla rather than using a network share).

Is there a way for me to stop this from happening? Maybe IPban based off x amount of failed login attempts etc? Looking to make it more secure than just a password but unsure how, as well as reducing log-spam.

Any help is appreciated, thanks!

JonathanM Posted September 3, 2023

Put a whitelist rule in your firewall and only allow known IPs to traverse the firewall.

itimpi Posted September 4, 2023

Any reason you have not set Unraid up so access is via a VPN to provide security? Unraid has the WireGuard VPN server built in.

Mainfrezzer Posted September 4, 2023

I'm already flabbergasted by the default 22 port. I would definitely second the WireGuard setup.

_CJCJ_ (Author) Posted September 4, 2023

3 hours ago, itimpi said:
> Any reason you have not set Unraid up so access is via a VPN to provide security? Unraid has the WireGuard VPN server built in.

I've looked into this now, and under Settings > VPN Manager I have now set up a tunnel with my VPN Provider (imported Tunnel) with a Peer type of "VPN Tunneled access for Docker". (Local endpoint automatically went to (not used) with no port, is that right?)

To get my docker containers to use this VPN Connection I just set the Network Type to the tunnel, right? I've also added a variable "dns" with the providers from the conf files. Is that correct? This is all new to me so apologies for any obvious questions.

I tested it with a firefox container (curl ifconfig.io from that container and it shows the VPN IP) but if I try to access any site it times out. I've noticed if I change some containers to be on the tunnel network then it doesn't work properly, e.g. red-discordbot, Foundry etc. For Foundry I can access the main page, but then moving anywhere else won't load.

Questions:

1) Why are these not working with the network type as the tunnel now?
2) To be able to remotely access Unraid, do I need to import a new tunnel and make a peer with type access "remote tunneled access"? Do I need to install WireGuard on my laptop/phone to access that?
3) Will this allow people to SFTP onto my server without me forwarding port 22?

Thanks!

itimpi Posted September 4, 2023

5 minutes ago, _CJCJ_ said:
> 2) To be able to remotely access Unraid, do I need to import a new tunnel and make a peer with type access "remote tunneled access"? Do i need to install Wireguard on my laptop/phone to access that?

Yes.

6 minutes ago, _CJCJ_ said:
> 3) Will this allow people to SFTP onto my server without me forwarding port 22?

As long as they use the VPN client at their end and you have given them the appropriate WireGuard client configuration file to use your server.

_CJCJ_ (Author) Posted September 4, 2023

1 hour ago, itimpi said:
> As long as they use the VPN client at their end and you have given them the appropriate WireGuard client configuration file to use your server.

I tried this on my phone (disconnected from wifi and launched VPN) and I can log in no problem, it works, thanks!

However, I created another peer, set the same type of access and sent him the file. He set up WireGuard with the zip and whenever he connects to the VPN he loses all internet connection and can't see the Unraid server page nor SFTP.