February 24, 20197 yr I had the message about a possible hack attempt on the Feb 20th and when I looked in the syslog I found that they were coming from the ip address of my wife's laptop. I then scanned her laptop with both Avast AV and Malwarebytes, both of which came up clean. The login attempts were against both a telnet session attempting to use username UNKNOWN and proftpd using both "admin" and "Admin". Has anybody seen this combo of attempts to point me in the right direction on her laptop? Nuking it from orbit is the last thing I want to do. Thanks all! Edit: I am putting this at the top so that people dont have to scroll down. The culprit ended up being Avast Antivirus which I had scan my wife's laptop. One of its scans found my server and did a security check on it, which caused the login attempts. Edited February 28, 20197 yr by Ryland Add in what was found
February 24, 20197 yr Community Expert It has been several years since I been involved in dealing with a problem like this. But back then, there were several antivirus/malware which ran from self-booting media. These permitted the antivirus to do its work without the problem of the malware blocking the scanning process. You should probably google for these products (they are usually free). You can also google for the problem you have with this WIN10 computer and see if the larger world has seen this type of attack...
February 24, 20197 yr Author I did what you suggested and found that Avast, in their infinite wisdom, attempts to hack into network devices when running a home network scan. That probably generated those login attempts because Im 99% sure that Wednesday was when I was updating my wife's laptop and running scans on it.
February 24, 20197 yr 47 minutes ago, Ryland said: in their infinite wisdom, attempts to hack into network devices when running a home network scan. That's actually not a bad thing - checking for default logins and passwords that have never been changed.
February 24, 20197 yr Author 12 minutes ago, Squid said: That's actually not a bad thing - checking for default logins and passwords that have never been changed. Not informing you that they are going to do it is the bad thing. I also havent found a way to turn that off either.
Archived
This topic is now archived and is closed to further replies.