Nilsen Posted March 6, 2017

Hi, I think I should be worried, FCP just notified me of the following:

> On Mar there were 642 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports.

I looked at the syslog.txt and it looks kinda scary. What is going on, has someone gotten access to my server? I wasn't even aware it was possible to telnet into my server from outside my network?

syslog.txt

JonathanM Posted March 6, 2017

Have you been messing around with plugging and unplugging cables around your modem and router? It really looks like someone has been occasionally plugging the tower directly into the modem, bypassing your router's NAT and allowing access to the entire world.

Nilsen Posted March 6, 2017 (Author)

> 9 minutes ago, jonathanm said:
> Have you been messing around with plugging and unplugging cables around your modem and router? It really looks like someone has been occasionally plugging the tower directly into the modem, bypassing your router's NAT and allowing access to the entire world.

I have been (carelessly) messing around with some cables yeah, trying to see if I could troubleshoot some slow D/L speeds. I think I did connect the server directly to my provider's modem/router box while it was in bridge mode, that probably wasn't a very bright idea..

Nilsen Posted March 6, 2017 (Author)

Noted! Wasn't even thinking about what I was doing! As far as I can tell my server seems to be operating just fine, so I guess I dodged a bullet?

JonathanM Posted March 6, 2017

> 2 minutes ago, Nilsen said:
> As far as I can tell my server seems to be operating just fine, so I guess I dodged a bullet?

I didn't look at your syslog in detail, but if things seem to be OK and you aren't missing any data, you are probably fine. Do your shares have passwords?

mos65xx Posted March 6, 2017

I looked at your syslog and you did have multiple outside attempts (be it scans or entry attempts). Even if you moved your Unraid behind a router now, I'd strongly suggest you at least reset your ISP-provided IP address if you're dynamic (hopefully nobody actually pays for static).

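Added example, not part of the thread and not any poster's code: one way to do the syslog review described above, counting failed SSH logins per outside source and listing any successful login from an outside address. It assumes standard OpenSSH `sshd` log lines; the `LAN` ranges, the `review` and `is_outside` names, and the sample lines (hostname `Tower`, documentation addresses) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Ranges treated as "inside" (RFC 1918 plus loopback). Assumption: adjust to your LAN.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# OpenSSH result lines: "Failed password for [invalid user ]NAME from ADDR port N ssh2"
AUTH = re.compile(r"sshd\[\d+\]: (Failed|Accepted) \S+ for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def is_outside(addr):
    """True if addr parses as an IP address that is not in the LAN ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a hostname or garbage, not an IP literal
    return not any(ip in net for net in LAN)

def review(lines):
    """Return (failed-login counts per outside source, outside successful logins)."""
    failed, accepted = Counter(), []
    for line in lines:
        m = AUTH.search(line)
        if not m or not is_outside(m.group(3)):
            continue
        result, user, src = m.groups()
        if result == "Failed":
            failed[src] += 1
        else:
            accepted.append((user, src))  # needs follow-up: someone got in
    return failed, accepted

# Constructed sample lines, not taken from the poster's syslog.txt.
SAMPLE = """\
Mar  5 21:14:02 Tower sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 40112 ssh2
Mar  5 21:14:05 Tower sshd[4121]: Failed password for root from 203.0.113.45 port 40112 ssh2
Mar  5 21:15:40 Tower sshd[4130]: Failed password for root from 198.51.100.7 port 51820 ssh2
Mar  5 21:20:11 Tower sshd[4188]: Failed password for root from 192.168.1.20 port 50022 ssh2
Mar  5 21:20:19 Tower sshd[4188]: Accepted password for root from 192.168.1.20 port 50022 ssh2
""".splitlines()

if __name__ == "__main__":
    failed, accepted = review(SAMPLE)
    for src, n in failed.most_common():
        print(f"{n:4d} failed logins from {src}")
    for user, src in accepted:
        print(f"CHECK: successful login as {user} from {src}")
```

An empty second result means no `Accepted` line came from an outside address in the log that was read; it says nothing about telnet logins or about log lines that have already rotated away.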