kahemker Posted November 11, 2018

I am not sure how to debug this. I am getting hundreds of failed login attempts from the IP address 10.8.0.1. These login attempts appear in my /var/log/syslog file.

- I do not have the server exposed to DMZ of my router
- I do not have any exposed UPnP ports
- I have a password on my root access to the server

Any ideas on what to do next? Here is one example of the failed password attempt:

    Nov 5 09:55:43 Tower sshd[3722]: Failed password for invalid user Admin from 10.8.0.1 port 48266 ssh2
    Nov 5 09:55:43 Tower sshd[3694]: Connection closed by invalid user default 10.8.0.1 port 48246 [preauth]
    Nov 5 09:55:43 Tower sshd[3749]: SSH: Server;Ltype: Kex;Remote: 10.8.0.1-48290;Enc: aes128-ctr;MAC: hmac-sha2-256;Comp: none [preauth]

trurl Posted November 11, 2018

Normally 10.x.x.x is a local network address. Is there something more you can tell us about your local network? What is the IP address of your Unraid server?

Squid Posted November 11, 2018

And if your IP address is, say, 192.x.x.x, then presumably you're running OpenVPN or something, in which case a client on it is actively trying to hack your server.

Frank1940 Posted November 11, 2018

By the way, you can turn off the ssh service on your server in Settings >>> Identification until you figure out what is going on.
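
Added example, not part of the original thread: a small triage script that tallies sshd "Failed password" lines per source address and marks whether each source is in an RFC 1918 local range, which is the distinction the replies above turn on. The function name `summarize_failures`, the sample log lines and the address 203.0.113.7 are constructed for illustration; on a real server the input would be the contents of /var/log/syslog.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in the same format as the syslog excerpt in the first post.
SAMPLE_LOG = """\
Nov 5 09:55:43 Tower sshd[3722]: Failed password for invalid user Admin from 10.8.0.1 port 48266 ssh2
Nov 5 09:55:43 Tower sshd[3694]: Connection closed by invalid user default 10.8.0.1 port 48246 [preauth]
Nov 5 09:55:44 Tower sshd[3750]: Failed password for invalid user default from 10.8.0.1 port 48290 ssh2
Nov 5 09:55:45 Tower sshd[3751]: Failed password for root from 10.8.0.1 port 48302 ssh2
Nov 5 09:56:02 Tower sshd[3760]: Failed password for invalid user test from 203.0.113.7 port 51000 ssh2
Nov 5 09:56:10 Tower sshd[3761]: Accepted password for root from 192.168.1.20 port 51022 ssh2
"""

# RFC 1918 ranges: a source inside one of these is on a LAN or a VPN/tunnel subnet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Return {source: {"count", "users", "rfc1918"}} for failed sshd password logins."""
    counts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    report = {}
    for src, n in counts.items():
        try:
            addr = ipaddress.ip_address(src)
            local = any(addr in net for net in RFC1918)
        except ValueError:
            local = None  # sshd logged a hostname instead of an address
        report[src] = {"count": n, "users": sorted(users[src]), "rfc1918": local}
    return report

if __name__ == "__main__":
    rows = sorted(summarize_failures(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for src, info in rows:
        scope = "local/VPN range" if info["rfc1918"] else "not RFC 1918"
        print(f"{src:15} {info['count']:4} failed  ({scope})  users: {', '.join(info['users'])}")
```

A high count from an RFC 1918 source means the connections reach sshd from a device on the LAN or from a tunnel interface on the server itself, so the next check is which interface or service owns that subnet.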
This topic is now archived and is closed to further replies.