March 15, 20206 yr Just got a warning for Possible hack attempt, Also Got out of memory errors. I have been running folding at home lately I checked logs and dont see anything about being accessed .jewel-diagnostics-20200315-1303.zip
March 15, 20206 yr Author This is my unifi logs this morning. 192.168.5.180 is unraid, 192.168.5.180 used by lets encrypt 192.168.5.5 is a VM
March 15, 20206 yr 1 hour ago, scubieman said: I checked logs and dont see anything about being accessed Mar 12 11:38:02 Jewel login[10832]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:06 Jewel login[10832]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 3 TIMES] ### Mar 12 11:38:15 Jewel login[10832]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:18 Jewel in.telnetd[12038]: connect from 192.168.5.5 (192.168.5.5) Mar 12 11:38:18 Jewel login[12039]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 2 TIMES] ### Mar 12 11:38:27 Jewel login[12039]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 1 TIMES] ### Mar 12 11:38:30 Jewel login[12039]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:33 Jewel in.telnetd[13520]: connect from 192.168.5.5 (192.168.5.5) Mar 12 11:38:33 Jewel login[13521]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:36 Jewel login[13521]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 2 TIMES] ### Mar 12 11:38:45 Jewel login[13521]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:45 Jewel login[13521]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain'
March 15, 20206 yr Author 1 minute ago, Squid said: Mar 12 11:38:02 Jewel login[10832]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:06 Jewel login[10832]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 3 TIMES] ### Mar 12 11:38:15 Jewel login[10832]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:18 Jewel in.telnetd[12038]: connect from 192.168.5.5 (192.168.5.5) Mar 12 11:38:18 Jewel login[12039]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 2 TIMES] ### Mar 12 11:38:27 Jewel login[12039]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 1 TIMES] ### Mar 12 11:38:30 Jewel login[12039]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:33 Jewel in.telnetd[13520]: connect from 192.168.5.5 (192.168.5.5) Mar 12 11:38:33 Jewel login[13521]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:36 Jewel login[13521]: invalid password for 'UNKNOWN' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' ### [PREVIOUS LINE REPEATED 2 TIMES] ### Mar 12 11:38:45 Jewel login[13521]: invalid password for 'root' on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' Mar 12 11:38:45 Jewel login[13521]: REPEATED login failures on '/dev/pts/3' from 'DESKTOP-E5F9MLD.localdomain' I think my unifi blocked it, wait was it all from IP 192.168.5.5?
March 15, 20206 yr It's those lines that FCP looked at to trigger the warning. They're all from the same computer which is probably one one your local network. Since the time frame is all within 45 seconds, I'd guess that it was you yourself who triggered it, but I'm not at your house and can't particularly say for sure.
March 15, 20206 yr Author 1 minute ago, Squid said: It's those lines that FCP looked at to trigger the warning. They're all from the same computer which is probably one one your local network. Since the time frame is all within 45 seconds, I'd guess that it was you yourself who triggered it, but I'm not at your house and can't particularly say for sure. That VM has been giving me issues. However its no longer. Thanks for your time and looking.
Archived
This topic is now archived and is closed to further replies.