February 26, 2016
Hi there. Currently I have my entire server public by a DMZ port on my router for testing. I know this is very unsafe, and I have a very difficult password on my root user. I was taking a look at my log files, and they are endless! Are these logs attempts to SSH and telnet into my server? And should I remove my server from the exposed port right away? Isn't SMB exposed without any login?
February 26, 2016 - Community Expert
> ...Are these logs attempts to SSH and telnet into my server? And should remove my server from the exposed port right away? Isn't SMB be exposed without any login?...
3 x yes
February 26, 2016
For heaven's sake, get your server back behind the firewall and out of the DMZ. There is NO USE CASE to have your server open to the Internet. Whatever you're trying to achieve, there will be a way to do it safely. Tell us what you want to do and we will help.
February 26, 2016
I've never opened my server up to the internet like this, because I'd heard all the warnings about people trying to get in via SSH... I'd kind of assumed it was a reality, but also in my head thought people had always exaggerated somewhat the number of attacks/attempts that would occur. At least now I know it's true!
February 26, 2016 - Community Expert
These sorts of attacks are completely automated and it takes absolutely no effort on the part of the attackers to find open systems to attack and attack them relentlessly.
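Added example, not part of the thread: a short Python pass over sshd log lines that tallies failed password attempts per source address, which is how the "endless" entries from the first post can be summarized and how an accepted login can be checked against the noise. The sample lines are constructed (hostname `Tower`, RFC 5737 documentation addresses), the message shapes are the ones OpenSSH's sshd writes to syslog, and the threshold of 3 is an arbitrary assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of OpenSSH sshd syslog messages.
# Addresses are from the RFC 5737 documentation ranges; "Tower" is made up.
SAMPLE_LOG = """\
Feb 26 03:11:02 Tower sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 26 03:11:05 Tower sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Feb 26 03:11:09 Tower sshd[4107]: Failed password for invalid user admin from 203.0.113.7 port 51140 ssh2
Feb 26 03:11:14 Tower sshd[4112]: Failed password for invalid user oracle from 203.0.113.7 port 51161 ssh2
Feb 26 03:12:40 Tower sshd[4130]: Failed password for root from 198.51.100.23 port 40022 ssh2
Feb 26 03:14:02 Tower sshd[4155]: Accepted password for root from 192.0.2.10 port 60111 ssh2
Feb 26 03:15:31 Tower sshd[4170]: Failed password for invalid user test from 198.51.100.23 port 40090 ssh2
"""

# "Failed password for [invalid user] NAME from ADDR port N ssh2"
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
# "Accepted password|publickey for NAME from ADDR port N ssh2"
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")


def summarize(log_text, threshold=3):
    """Tally failed logins per source and list accepted logins."""
    failures = Counter()        # source address -> failed attempts
    users = defaultdict(set)    # source address -> usernames tried
    accepted = []               # (user, source) for every successful login
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users[src].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append(m.groups())
    return {
        "failures": dict(failures),
        "users": {src: sorted(names) for src, names in users.items()},
        # Sources at or above the threshold look like automated guessing
        "noisy": sorted(s for s, n in failures.items() if n >= threshold),
        "accepted": accepted,
        # A success from a source that also failed deserves a close look
        "suspicious_success": [(u, s) for u, s in accepted if failures[s] > 0],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Every entry under `accepted` should be a login you recognize; one you do not recognize is the case described later in the thread, where a root login was only noticed by reading the logs.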
February 27, 2016
I'd still like to know why he / she did it, what was being tested and attempted to be achieved?
February 27, 2016 - Author
Well.. Now it has been removed from the exposed port. I did this because I have a very unstable router, and only here in the initial phase, for testing purposes. I cannot access my router when I am other places than my home (of course not) but I can reset it remotely. Every time I reset my router, all my portforward settings are lost, and it would not be possible to access my server and I could not do any work for a couple of days. I needed access to ftp, the web gui, all docker apps, and my VMs. Because I was messing around with all kinds of settings here in the initial phase, I thought it would be easiest to just expose the entire server, with a good password, and luckily my server isn't containing any personal or sensitive data, and no one even broke my root password..
Now it is closed and I can't access my server until I get home tomorrow. What would you do? I can't access ftp if I portfw my router to port 21, I can access my docker containers by portfw all ports.. How do I access the webgui, other than remote desktop into a VM that is located on the same network as my server? If I want to access my shares, how do I do that? It would be nice if there was some kind of docker that could expose shares to different kinds of users? Thanks..
February 27, 2016 - Author
> Setup an OpenVPN server at home and VPN in to get the access you need.
Would openvpn then just run in a docker container then?
February 27, 2016
I had similar attacks on the SSH port for years because of that "bug" honeypot that should have exposed all Linux-based systems; in the end I changed my SSH port. Blog is from 2013, but nothing has changed. https://blog.sucuri.net/2013/07/ssh-brute-force-the-10-year-old-attack-that-still-persists.html
February 27, 2016 - Community Expert
>> Setup an OpenVPN server at home and VPN in to get the access you need.
> Would openvpn then just run in a docker container then?
See if your router already has VPN. Many newer ones do. My ASUS has OpenVPN and DDNS built-in.
February 27, 2016
>> Setup an OpenVPN server at home and VPN in to get the access you need.
> Would openvpn then just run in a docker container then?
What trurl said, but also yes. Search OpenVPN-AS in Community Applications.
February 27, 2016
Just curious, what is the difference between the OpenVPN-AS and the OpenVPN Server?
February 27, 2016
> Just curious, what is the difference between the OpenVPN-AS and the OpenVPN Server?
https://openvpn.net/index.php/access-server/section-faq-openvpn-as/32-general/225-compare-openvpn-community-and-enterprise-editions-.html
Basically one is a community edition and one is a commercial product. Good thing is the commercial product comes with 2 free licenses, so it is good for a lot of use cases for people using unRAID, IMHO. It works out of the box and is up and running in a matter of minutes with none of the config heartache of messing with config files etc.
Note that those licences are "per user" and not simultaneous connections. For instance, I am only one user but I have connected to the server 5 times simultaneously using the same keys and logon profile.
February 27, 2016
Got it. So basically, since the licenses are per user, most normal home users that will only be using this for themselves will get a long way with the AS one.
February 27, 2016
> Got it. So basically, since the licenses are per user, most normal home users that will only be using this for themselves will get a long way with the AS one.
Correctomundo!
February 27, 2016
I've had my router on the open by mistake for about 2 hours, and someone was able to access my root account (using default install and all). I noticed by looking at the logs. Had to tear everything down and start from scratch, being more careful this time. I'm now at about 162 days uptime with the new setup.