Attempted logins on /dev/tty1


johnodon

I see these entries in my syslog and don't know what is being attempted by what:

 

Dec 28 09:26:45 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:27:24 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:28:19 unRAID login[11795]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:29:34 unRAID login[12715]: invalid password for 'UNKNOWN' on '/dev/tty1'

 

At the time I was playing with Plex Home Theater on a standalone Linux Mint 17.1 box (I have PMS running as a docker container).  The only other containers/VMs running are my usual ones and I have never seen these messages before.

 

Anyone have any ideas?

 

John

Link to comment

As far as I know, Plex is not really secure. Reading on the Plex forums, there are reports of people "hacking" into others' accounts, especially if they are using PlexWatchWeb or PlexNotify. But in most of those reports it has just been Plex that they are able to get into, since the perpetrator(s) have been posting on the Plex forums letting people know to secure their systems.

Link to comment

As far as I know, Plex is not really secure. Reading on the Plex forums, there are reports of people "hacking" into others' accounts, especially if they are using PlexWatchWeb or PlexNotify. But in most of those reports it has just been Plex that they are able to get into, since the perpetrator(s) have been posting on the Plex forums letting people know to secure their systems.

 

Are there any threads in particular you are talking about? I am very curious about this as well. I know unRAID isn't designed to be internet facing. The only application I use which I might want to pass through the Router Firewall is Plex... but if it's not secure by default... then I might want to revisit that idea, or at least learn how to protect myself a bit better.

Link to comment
  • 2 years later...

An old thread, but I have started having the same issue for the last 8 days. I have stopped any external access on the router (previously for OpenVPN, Plex and Nextcloud), shut down VMs and Dockers, checked the local network devices and I'm still getting the messages. Is there any way to source what is accessing?

Link to comment
  • 1 year later...
On 3/18/2017 at 4:40 AM, Ashe said:

An old thread, but I have started having the same issue for the last 8 days. I have stopped any external access on the router (previously for OpenVPN, Plex and Nextcloud), shut down VMs and Dockers, checked the local network devices and I'm still getting the messages. Is there any way to source what is accessing?

 

I too started getting this. I got a new router a few months ago and never figured out how to set up port forwarding to my UnRaid server, so I don't think anyone should have access that way. After getting this message I double-checked my router and I don't see any DMZ or port forwarding enabled.

 

I would love to hear ideas. Maybe I have a compromised system on my local network that is trying to do this? Basically, if a computer on my local network was hacked, maybe it is trying to log into the unraid box?

Link to comment
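
One way to triage the log lines from the first post, as an added example that is not part of any post in this thread: it groups failed `login` entries by terminal and labels the terminal type, since `/dev/ttyN` names a local virtual console while network sessions are given `/dev/pts/N`. The function names and the placeholder year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four syslog lines quoted in the first post of the thread.
SAMPLE = """\
Dec 28 09:26:45 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:27:24 unRAID login[2275]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:28:19 unRAID login[11795]: invalid password for 'UNKNOWN' on '/dev/tty1'
Dec 28 09:29:34 unRAID login[12715]: invalid password for 'UNKNOWN' on '/dev/tty1'
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ login\[(?P<pid>\d+)\]: "
    r"invalid password for '(?P<user>[^']*)' on '(?P<tty>[^']+)'")

def classify_tty(tty):
    """Say what kind of terminal the login(1) process was attached to."""
    name = tty[5:] if tty.startswith("/dev/") else tty
    if re.fullmatch(r"tty\d+", name):
        return "local virtual console"   # keyboard/monitor on the box itself
    if re.fullmatch(r"tty(S|USB)\d+", name):
        return "serial line"
    if name.startswith("pts/"):
        return "pseudo-terminal"         # network session or terminal emulator
    return "other"

def summarize(text, year=2000):
    """Group failed logins by tty. Syslog stamps carry no year; `year` is assumed."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            groups[m["tty"]].append((ts, int(m["pid"]), m["user"]))
    report = {}
    for tty, events in groups.items():
        times = [e[0] for e in events]
        report[tty] = {
            "kind": classify_tty(tty),
            "attempts": len(events),
            "login_pids": sorted({e[1] for e in events}),
            "users": sorted({e[2] for e in events}),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        }
    return report

if __name__ == "__main__":
    for tty, info in summarize(SAMPLE).items():
        print(tty, info)
```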

Archived

This topic is now archived and is closed to further replies.
