November 11, 20187 yr I am not sure how to debug this. I am getting hundreds of failed login attempts from the IP address 10.8.0.1. These login attempts appear in my /var/log/syslog file. I do not have the server exposed to DMZ of my router I do not have any exposed UPnP ports I have a password on my root access to the server Any ideas on what to do next? Here is one example of the failed password attempt: Nov 5 09:55:43 Tower sshd[3722]: Failed password for invalid user Admin from 10.8.0.1 port 48266 ssh2 Nov 5 09:55:43 Tower sshd[3694]: Connection closed by invalid user default 10.8.0.1 port 48246 [preauth] Nov 5 09:55:43 Tower sshd[3749]: SSH: Server;Ltype: Kex;Remote: 10.8.0.1-48290;Enc: aes128-ctr;MAC: hmac-sha 2-256;Comp: none [preauth]
November 11, 20187 yr Community Expert Normally 10.x.x.x. is a local network address. Is there something more you can tell us about your local network? What is the IP address of your Unraid server?
November 11, 20187 yr And if your IP address is say 192.x.x.x then presumably your running OpenVPN or something in which case a client on it is actively trying to hack your server. Edited November 11, 20187 yr by Squid
November 11, 20187 yr Community Expert By the way, you can turn off the ssh service on your server in Settings >>> Identification until you figure out what is going on.
Archived
This topic is now archived and is closed to further replies.