mrbilky Posted August 27, 2017 Share Posted August 27, 2017 Keep getting this today it stated 230 attempted logins: Possible Hack Attempt on Aug 27On Aug 27 there were 230 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports. This is a major issue and needs to be addressed IMMEDIATELY NOTE: Because this check is done against the logged entries in the syslog, the only way to clear it is to either increase the number of allowed invalid logins per day (if determined that it is not a hack attempt) or to reset your server. It is not recommended under any circumstance to ignore this error Aug 27 07:59:03 homeNAS sshd[31465]: Accepted none for root from 116.31.116.43 port 50168 ssh2 Aug 27 07:59:03 homeNAS sshd[31465]: Received disconnect from 116.31.116.43 port 50168:11: Aug 27 07:59:03 homeNAS sshd[31465]: Disconnected from 116.31.116.43 port 50168 any ideas what I need to do to protect the server? I have plex running and remote access but thats it nothing else is on the server I haven't even started using it yet Quote Link to comment
1812 Posted August 27, 2017 Share Posted August 27, 2017 If your server is sitting on the open internet, stop that for starters. also post your diagnostics and describe your networking setup. 1 Quote Link to comment
mrbilky Posted August 27, 2017 Author Share Posted August 27, 2017 24 minutes ago, 1812 said: If your server is sitting on the open internet, stop that for starters. also post your diagnostics and describe your networking setup. How do I find out if I'm on the open internet the only thing that I set up over defaults would be plex and it is set to allow remote access I did the diagnostics thing which particular file would be helpful, the one that looks like it has the most is syslog.txt but its like a mile long is that the one? Quote Link to comment
1812 Posted August 27, 2017 Share Posted August 27, 2017 15 minutes ago, mrbilky said: How do I find out if I'm on the open internet the only thing that I set up over defaults would be plex and it is set to allow remote access : 45 minutes ago, 1812 said: describe your networking setup. That means tell us how you have the server connected: to a router? Directly to a cable modem? Ports forwarded? Can't tell you anything without knowing how you've set it up. -- post the entire diagnostics zip file. Quote Link to comment
mrbilky Posted August 27, 2017 Author Share Posted August 27, 2017 15 minutes ago, 1812 said: : That means tell us how you have the server connected: to a router? Directly to a cable modem? Ports forwarded? Can't tell you anything without knowing how you've set it up. -- post the entire diagnostics zip file. My setup is a Verizon fios wifi router connected by ethernet cable heres the router setup info: homeNAS 192.168.1.151 HTTP TCP Any -> 80Active Ok well it's not a zip file but I'll post it anyway syslog.txt Quote Link to comment
1812 Posted August 27, 2017 Share Posted August 27, 2017 Not a lot of info to work with. But finding this in your syslog: dhcpcd[1678]: br0: offered 192.168.1.151 from 192.168.1.1 leads me to believe that your server is not sitting directly on the internet since its getting a dhcp address from a standard ip range found in consumer firewall/routers. BUT, you need to go into the settings of your wifi router and see if you've placed it in a DMZ or just opened up all the ports pointed at it to make plex work externally. Did you do something like that? Change any of those settings? this seems to originate from Russia: 2-62-156-89-bbc-dynamic.kuzbass.net So, go look into locking down your router. Quote Link to comment
mrbilky Posted August 27, 2017 Author Share Posted August 27, 2017 5 minutes ago, 1812 said: this seems to originate from Russia: 2-62-156-89-bbc-dynamic.kuzbass.net So, go look into locking down your router. HaHa I swear there's no collusion here I haven't talked to the Russians and have no business ties with them Seriously I'll go look into my router settings as I did fool with port forwarding for plex is there a work around that is out there or just live with it only being inside the home network environment? Quote Link to comment
1812 Posted August 27, 2017 Share Posted August 27, 2017 12 minutes ago, mrbilky said: HaHa I swear there's no collusion here I haven't talked to the Russians and have no business ties with them Seriously I'll go look into my router settings as I did fool with port forwarding for plex is there a work around that is out there or just live with it only being inside the home network environment? Best practice to access outside the network is run a vpn and not use port forwarding. Aside from that, if port forwarding is the only option, forward only the single port that plex needs to the server. Someone else can correct me if I'm wrong, but I believe 6.4 will have the ability to assign individual ip addresses to docker containers, meaning that plex can reside on its own IP on the network, isolated from the server. So then if there was a problem, someone can only go after that single port to the IP of the docker and not hit the server. Quote Link to comment
mrbilky Posted August 27, 2017 Author Share Posted August 27, 2017 (edited) 14 minutes ago, 1812 said: Best practice to access outside the network is run a vpn and not use port forwarding. Aside from that, if port forwarding is the only option, forward only the single port that plex needs to the server. Someone else can correct me if I'm wrong, but I believe 6.4 will have the ability to assign individual ip addresses to docker containers, meaning that plex can reside on its own IP on the network, isolated from the server. So then if there was a problem, someone can only go after that single port to the IP of the docker and not hit the server. Well that sure would be nice I'm obviously uncomfortable with the idea of this being accessible as one could imagine, will change settings on the router and just deal with it until there's a workaround I have no media to view yet anyway Just going through all the motions before going live with using this NAS daily. Oh and when you say VPN I have ipvanish on my pc is there a simple way to set that up on the NAS? Edited August 27, 2017 by mrbilky Quote Link to comment
JonathanM Posted August 27, 2017 Share Posted August 27, 2017 2 minutes ago, mrbilky said: Oh and when you say VPN I have ipvanish on my pc is there a simple way to set that up on the NAS? When someone says they are accessing their server via VPN, they are NOT talking about a commercial VPN provider. Same technology, totally different application. They mean setting up a VPN SERVER on your network, either on your router or other computer, possibly unraid. Then when you wish to access your home network from outside, you connect the VPN client to your VPN server at your home IP. No third party required, and only a single port to the VPN server is opened. Quote Link to comment
Hoopster Posted August 28, 2017 Share Posted August 28, 2017 On 8/27/2017 at 9:09 AM, mrbilky said: Oh and when you say VPN I have ipvanish on my pc is there a simple way to set that up on the NAS? You want something like the OpenVPN Access Server docker. Search for openvpn in community applications. Most use the Linuxserver.io version, but, there are others. Its easy to setup. You'll want a dynamic DNS service for your unRAID server as well if you do not have a static IP from your ISP. I use No-IP (free) as it is supported natively by my router as is DynDNS, but, there are others. Configure OpenVPN Access Server on unRAID with your DDNS name and the IP address of your unRAID server. On your router, forward UDP/TCP port 1194 (the default) or another port you have configured for OpenVPN to the IP address of your unRAID server. Download from the OpenVPN Access Server a user-locked profile for the clients you want to be able to access your server and you are set. Now your clients can access your unRAID server securely over the Internet by DDNS server name on port 1194 (or other port you chose). Quote Link to comment
mrbilky Posted August 28, 2017 Author Share Posted August 28, 2017 1 hour ago, Hoopster said: You want something like the OpenVPN Access Server docker. Search for openvpn in community applications. Most use the Linuxserver.io version, but, there are others. Its easy to setup. You'll want a dynamic DNS service for your unRAID server as well if you do not have a static IP from your ISP. I use No-IP (free) as it is supported natively by my router as is DynDNS, but, there are others. Configure OpenVPN Access Server on unRAID with your DDNS name and the IP address of your unRAID server. On your router, forward UDP/TCP port 1194 (the default) or another port you have configured for OpenVPN to the IP address of your unRAID server. Download from the OpenVPN Access Server a user-locked profile for the clients you want to be able to access your server and you are set. Now your clients can access your unRAID server securely over the Internet by DDNS server name on port 1194 (or other port you chose). Got it thanks will give it a go in a few days trying to tighten up any loose ends I have before starting to use the NAS Quote Link to comment
frakman1 Posted January 1, 2021 Share Posted January 1, 2021 On 8/27/2017 at 11:15 AM, jonathanm said: When someone says they are accessing their server via VPN, they are NOT talking about a commercial VPN provider. Same technology, totally different application. They mean setting up a VPN SERVER on your network, either on your router or other computer, possibly unraid. Then when you wish to access your home network from outside, you connect the VPN client to your VPN server at your home IP. No third party required, and only a single port to the VPN server is opened. @jonathanmThanks for that. If I enabled a single port to the VPN server, then what? How do I then allow my Plex server to work remotely? How do I allow ssh access to my UnRaid server? Is there additional configuration needed for those ports? If so, where? Thank you Quote Link to comment
JonathanM Posted January 1, 2021 Share Posted January 1, 2021 28 minutes ago, frakman1 said: @jonathanmThanks for that. If I enabled a single port to the VPN server, then what? How do I then allow my Plex server to work remotely? How do I allow ssh access to my UnRaid server? Is there additional configuration needed for those ports? If so, where? Thank you Once you establish the connection between VPN client on your remote machine and VPN server on your LAN, it's like you were connected directly to your LAN, except you may need to use IP addresses instead of server names, depending on how the VPN is configured. Quote Link to comment
frakman1 Posted January 2, 2021 Share Posted January 2, 2021 @jonathanm Do you recommend a openVPN server or WireGuard? I heard something about WireGuard in recent UnRAID release notes/discussions. Quote Link to comment
JonathanM Posted January 2, 2021 Share Posted January 2, 2021 31 minutes ago, frakman1 said: @jonathanm Do you recommend a openVPN server or WireGuard? I heard something about WireGuard in recent UnRAID release notes/discussions. Depends on your situation. I personally run OpenVPN hosted on a pfSense firewall VM. If you don't have a firewall / router with decent CPU power, you would probably get better performance with wireguard hosted on Unraid. That question doesn't have a clear cut answer, there are so many variables, including the range of clients that you need to use. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.