Hundreds of invalid SSH login attempts

[kahemker]

I am not sure how to debug this.  I am getting hundreds of failed login attempts from the IP address 10.8.0.1.  These login attempts appear in my /var/log/syslog file.

 

• I do not have the server exposed to DMZ of my router
• I do not have any exposed UPnP ports 
• I have a password on my root access to the server

Any ideas on what to do next?  Here is one example of the failed password attempt:

Nov  5 09:55:43 Tower sshd[3722]: Failed password for invalid user Admin from 10.8.0.1 port 48266 ssh2
Nov  5 09:55:43 Tower sshd[3694]: Connection closed by invalid user default 10.8.0.1 port 48246 [preauth]
Nov  5 09:55:43 Tower sshd[3749]: SSH: Server;Ltype: Kex;Remote: 10.8.0.1-48290;Enc: aes128-ctr;MAC: hmac-sha
2-256;Comp: none [preauth]

 

[trurl]

Normally 10.x.x.x. is a local network address. Is there something more you can tell us about your local network? What is the IP address of your Unraid server?

 

[Squid]

And if your IP address is say 192.x.x.x then presumably your running OpenVPN or something in which case a client on it is actively trying to hack your server.

[Frank1940]

By the way, you can turn off the ssh service on your server in        Settings    >>>   Identification   until you figure out what is going on.