Attempted logins


mrbilky


Keep getting this. Today it stated 230 attempted logins:

 

Possible Hack Attempt on Aug 27

On Aug 27 there were 230 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports.

This is a major issue and needs to be addressed IMMEDIATELY

NOTE: Because this check is done against the logged entries in the syslog, the only way to clear it is to either increase the number of allowed invalid logins per day (if determined that it is not a hack attempt) or to reset your server. It is not recommended under any circumstance to ignore this error

 

 

Aug 27 07:59:03 homeNAS sshd[31465]: Accepted none for root from 116.31.116.43 port 50168 ssh2
Aug 27 07:59:03 homeNAS sshd[31465]: Received disconnect from 116.31.116.43 port 50168:11: 
Aug 27 07:59:03 homeNAS sshd[31465]: Disconnected from 116.31.116.43 port 50168

 

Any ideas what I need to do to protect the server? I have Plex running and remote access, but that's it. Nothing else is on the server; I haven't even started using it yet.

Link to post
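The notice quoted in the post above comes from counting sshd entries in the syslog. The following is an added example, not part of the original thread or of any Unraid plugin: it tallies failed SSH logins per source address and separately reports logins that sshd accepted from outside the LAN. The `192.168.1.0/24` LAN range and every sample line except the last (which is the line quoted in the post) are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

# Constructed sample in the sshd syslog format; only the last line is from the post.
SAMPLE = """\
Aug 27 07:58:41 homeNAS sshd[31440]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 27 07:58:44 homeNAS sshd[31440]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Aug 27 07:58:50 homeNAS sshd[31452]: Invalid user test from 198.51.100.23 port 51900
Aug 27 07:58:55 homeNAS sshd[31460]: Accepted password for root from 192.168.1.20 port 50522 ssh2
Aug 27 07:59:03 homeNAS sshd[31465]: Accepted none for root from 116.31.116.43 port 50168 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?\S+|Invalid user \S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")


def is_lan(addr, lan=LAN):
    """True if addr is an IP inside the LAN; hostnames count as external."""
    try:
        return ipaddress.ip_address(addr) in lan
    except ValueError:  # sshd logged a hostname instead of an IP
        return False


def scan(log_text, lan=LAN):
    """Return (failed attempts per source, accepted logins from outside the LAN)."""
    failed = Counter()
    external_logins = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and not is_lan(m.group(3), lan):
            method, user, src = m.groups()
            external_logins.append((src, user, method))
    return failed, external_logins


if __name__ == "__main__":
    failed, external = scan(SAMPLE)
    for src, count in failed.most_common():
        print(f"{count:4d} failed attempts from {src}")
    for src, user, method in external:
        # method "none" means sshd opened the session without a password or key
        print(f"ACCEPTED login for {user} from {src} (auth method: {method})")
```

An `Accepted` line from a non-LAN address is a different class of finding from the failed-attempt count: it records a session that was granted, not one that was refused.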
24 minutes ago, 1812 said:

If your server is sitting on the open internet, stop that for starters.

 

also post your diagnostics and describe your networking setup.

How do I find out if I'm on the open internet? The only thing that I set up over defaults would be Plex, and it is set to allow remote access.

 

I did the diagnostics thing. Which particular file would be helpful? The one that looks like it has the most is syslog.txt, but it's like a mile long. Is that the one?

Link to post
15 minutes ago, mrbilky said:

How do I find out if I'm on the open internet? The only thing that I set up over defaults would be Plex, and it is set to allow remote access.


45 minutes ago, 1812 said:

describe your networking setup.

 

That means tell us how you have the server connected: to a router? Directly to a cable modem? Ports forwarded? Can't tell you anything without knowing how you've set it up.

--

 

post the entire diagnostics zip file.

 

Link to post
15 minutes ago, 1812 said:


 

That means tell us how you have the server connected: to a router? Directly to a cable modem? Ports forwarded? Can't tell you anything without knowing how you've set it up.

--

 

post the entire diagnostics zip file.

 

My setup is a Verizon Fios wifi router connected by ethernet cable. Here's the router setup info:

 

homeNAS

192.168.1.151

HTTP TCP Any -> 80 Active

 

Ok well it's not a zip file but I'll post it anyway

syslog.txt

Link to post

Not a lot of info to work with. 

 

But finding this in your syslog:

 

dhcpcd[1678]: br0: offered 192.168.1.151 from 192.168.1.1

 

leads me to believe that your server is not sitting directly on the internet, since it's getting a DHCP address from a standard IP range found in consumer firewall/routers. BUT, you need to go into the settings of your wifi router and see if you've placed it in a DMZ or just opened up all the ports pointed at it to make Plex work externally. Did you do something like that? Change any of those settings?

 

this seems to originate from Russia:

 

2-62-156-89-bbc-dynamic.kuzbass.net

 

 

So, go look into locking down your router.

Link to post
5 minutes ago, 1812 said:

this seems to originate from Russia:

 


2-62-156-89-bbc-dynamic.kuzbass.net

 

 

So, go look into locking down your router.

Haha, I swear there's no collusion here. I haven't talked to the Russians and have no business ties with them xD Seriously, I'll go look into my router settings, as I did fool with port forwarding for Plex. Is there a workaround that is out there, or just live with it only being inside the home network environment?

Link to post
12 minutes ago, mrbilky said:

Haha, I swear there's no collusion here. I haven't talked to the Russians and have no business ties with them xD Seriously, I'll go look into my router settings, as I did fool with port forwarding for Plex. Is there a workaround that is out there, or just live with it only being inside the home network environment?

 

 

Best practice to access outside the network is to run a VPN and not use port forwarding.

 

Aside from that, if port forwarding is the only option, forward only the single port that Plex needs to the server.

 

Someone else can correct me if I'm wrong, but I believe 6.4 will have the ability to assign individual IP addresses to docker containers, meaning that Plex can reside on its own IP on the network, isolated from the server. So then if there was a problem, someone can only go after that single port to the IP of the docker and not hit the server.

Link to post
14 minutes ago, 1812 said:

 

 

Best practice to access outside the network is to run a VPN and not use port forwarding.

 

Aside from that, if port forwarding is the only option, forward only the single port that Plex needs to the server.

 

Someone else can correct me if I'm wrong, but I believe 6.4 will have the ability to assign individual IP addresses to docker containers, meaning that Plex can reside on its own IP on the network, isolated from the server. So then if there was a problem, someone can only go after that single port to the IP of the docker and not hit the server.

Well, that sure would be nice. I'm obviously uncomfortable with the idea of this being accessible, as one could imagine. Will change settings on the router and just deal with it until there's a workaround; I have no media to view yet anyway :D Just going through all the motions before going live with using this NAS daily. Oh, and when you say VPN, I have IPVanish on my PC. Is there a simple way to set that up on the NAS?

Edited by mrbilky
Link to post
2 minutes ago, mrbilky said:

Oh, and when you say VPN, I have IPVanish on my PC. Is there a simple way to set that up on the NAS?

When someone says they are accessing their server via VPN, they are NOT talking about a commercial VPN provider. Same technology, totally different application. They mean setting up a VPN SERVER on your network, either on your router or other computer, possibly unraid. Then when you wish to access your home network from outside, you connect the VPN client to your VPN server at your home IP. No third party required, and only a single port to the VPN server is opened.

Link to post
On 8/27/2017 at 9:09 AM, mrbilky said:

Oh, and when you say VPN, I have IPVanish on my PC. Is there a simple way to set that up on the NAS?

 

You want something like the OpenVPN Access Server docker. Search for openvpn in community applications. Most use the Linuxserver.io version, but there are others. It's easy to set up. You'll want a dynamic DNS service for your unRAID server as well if you do not have a static IP from your ISP. I use No-IP (free) as it is supported natively by my router, as is DynDNS, but there are others. Configure OpenVPN Access Server on unRAID with your DDNS name and the IP address of your unRAID server. On your router, forward UDP/TCP port 1194 (the default) or another port you have configured for OpenVPN to the IP address of your unRAID server. Download from the OpenVPN Access Server a user-locked profile for the clients you want to be able to access your server and you are set. Now your clients can access your unRAID server securely over the Internet by DDNS server name on port 1194 (or other port you chose).

Link to post
1 hour ago, Hoopster said:

 

You want something like the OpenVPN Access Server docker. Search for openvpn in community applications. Most use the Linuxserver.io version, but there are others. It's easy to set up. You'll want a dynamic DNS service for your unRAID server as well if you do not have a static IP from your ISP. I use No-IP (free) as it is supported natively by my router, as is DynDNS, but there are others. Configure OpenVPN Access Server on unRAID with your DDNS name and the IP address of your unRAID server. On your router, forward UDP/TCP port 1194 (the default) or another port you have configured for OpenVPN to the IP address of your unRAID server. Download from the OpenVPN Access Server a user-locked profile for the clients you want to be able to access your server and you are set. Now your clients can access your unRAID server securely over the Internet by DDNS server name on port 1194 (or other port you chose).

Got it, thanks. Will give it a go in a few days; trying to tighten up any loose ends I have before starting to use the NAS.

Link to post
  • 3 years later...
On 8/27/2017 at 11:15 AM, jonathanm said:

When someone says they are accessing their server via VPN, they are NOT talking about a commercial VPN provider. Same technology, totally different application. They mean setting up a VPN SERVER on your network, either on your router or other computer, possibly unraid. Then when you wish to access your home network from outside, you connect the VPN client to your VPN server at your home IP. No third party required, and only a single port to the VPN server is opened.

@jonathanm Thanks for that. If I enabled a single port to the VPN server, then what? How do I then allow my Plex server to work remotely? How do I allow ssh access to my UnRaid server? Is there additional configuration needed for those ports? If so, where?

 

Thank you

 

Link to post
28 minutes ago, frakman1 said:

@jonathanm Thanks for that. If I enabled a single port to the VPN server, then what? How do I then allow my Plex server to work remotely? How do I allow ssh access to my UnRaid server? Is there additional configuration needed for those ports? If so, where?

 

Thank you

 

Once you establish the connection between VPN client on your remote machine and VPN server on your LAN, it's like you were connected directly to your LAN, except you may need to use IP addresses instead of server names, depending on how the VPN is configured.

Link to post
31 minutes ago, frakman1 said:

@jonathanm Do you recommend an OpenVPN server or WireGuard? I heard something about WireGuard in recent UnRAID release notes/discussions.

 

Depends on your situation. I personally run OpenVPN hosted on a pfSense firewall VM.

 

If you don't have a firewall / router with decent CPU power, you would probably get better performance with wireguard hosted on Unraid.

 

That question doesn't have a clear cut answer, there are so many variables, including the range of clients that you need to use.

Link to post
