Hack attempts?


Recommended Posts

Hi,

 

I think I should be worried, FCP just notified me of the following:

On Mar there were 642 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports.

 

I looked at the syslog.txt and it looks kinda scary.

What is going on, has someone gotten access to my server? I wasn't even aware it was possible to telnet into my server from outside my network?

syslog.txt

Link to comment
9 minutes ago, jonathanm said:

Have you been messing around with plugging and unplugging cables around your modem and router? It really looks like someone has been occasionally plugging the tower directly into the modem, bypassing your routers NAT and allowing access to the entire world.

 

I have been (carelessly) messing around with some cables yeah, trying to see if I could troubleshoot some slow D/L speeds.

I think I did connect the server directly to my providers modem/router box while it was in bridge mode, that probably wasn't very a bright idea..

Link to comment

I looked at your syslog and you did have multiple outside attempts (be it scans or entry attempts)

 

Even if you moved your unraid behind a router now I'd strongly suggest you atleast reset your ISP-ip provided address if your dynamic (hopefully nobody actually pays for static)

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.