Jump to content

Should I be worried? Multiple failed login attempts - see syslog


Recommended Posts

Posted

Hi All,

There seems to be a high number of 'break-in attempts' on my server. Should I be worried?

 

http://dl.dropbox.com/u/30220896/syslog-2011-12-15.txt

 

There's loads of entries!!

 

This is probably when someone points out big probem in my unraid server that i haven't seen yet.

 

The connexant stuff is related to my custom unraid which has the drivers etc. for my tv card. And xmltv doesnt always play ball! :)

 

Thanks for looking!

Chris

Posted

Hi All,

There seems to be a high number of 'break-in attempts' on my server. Should I be worried?

 

http://dl.dropbox.com/u/30220896/syslog-2011-12-15.txt

 

There's loads of entries!!

 

This is probably when someone points out big probem in my unraid server that i haven't seen yet.

 

The connexant stuff is related to my custom unraid which has the drivers etc. for my tv card. And xmltv doesnt always play ball! :)

 

Thanks for looking!

Chris

I would not worry as much about the entries that say that login failed, but I would worry since there are no records of a successful login.

 

You are being attacked.  unRAID is NOT secure as normally delivered.  There are many logins with no passwords on most of the default unRAID installs on early versions of unRAID.

 

Since the password file is carried forward, even when upgrading, you could have these same vulnerable IDs if you have not assigned non-trivial passwords.

Posted

I didn't upgrade this version (if version is the riight word) of unraid was created from a clean install of unraid 5.0 beta10. I don't know if that still applies? I dont have a trivial password. Well the only thing that is trivial is my tvheadend stream account, but that only allows streaming of TV. Not that my connection could handle that haha!

 

I don't necessarily store anything sensitive on my unraid server, so can i ignore it? Should i disable port forwarding on ym router for the time being?

 

Chris

Posted

unRAID is NOT secure as normally delivered.  There are many logins with no passwords on most of the default unRAID installs on early versions of unRAID.

 

Since the password file is carried forward, even when upgrading, you could have these same vulnerable IDs if you have not assigned non-trivial passwords.

 

Don't wanna hijack the thread but I upgraded from 4.x to beta 5.x.  What is the best thing for me to do?  You say there are many logins with no passwords, how can I delete those or what should I do?

Posted

I didn't upgrade this version (if version is the riight word) of unraid was created from a clean install of unraid 5.0 beta10. I don't know if that still applies? I dont have a trivial password. Well the only thing that is trivial is my tvheadend stream account, but that only allows streaming of TV. Not that my connection could handle that haha!

 

I don't necessarily store anything sensitive on my unraid server, so can i ignore it? Should i disable port forwarding on ym router for the time being?

 

Chris

 

Disabling port forwarding would definitely help with security.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...