Omeed Posted September 22, 2020

I got the following message:

Possible Hack Attempt on Sep 17

On Sep 17 there were 297 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports. This is a major issue and needs to be addressed IMMEDIATELY

NOTE: Because this check is done against the logged entries in the syslog, the only way to clear it is to either increase the number of allowed invalid logins per day (if determined that it is not a hack attempt) or to reset your server. It is not recommended under any circumstance to ignore this error

I'm not an expert user by any means. I use my Unraid server mostly for Plex and a Pi-hole. I have attached the log, and it shows the hacking attempts are coming from my router. Any possible advice? I have a Netgear Orbi router with one satellite. The satellite is wired to my server. You may have to dumb it down for me. Thank you in advance.

https://linksharing.samsungcloud.com/RcjuDMQBA3fN
Michael_P Posted September 22, 2020

If your server isn't internet facing, which it should never be, your router is probably performing vulnerability scans on your network

https://blog.netgear.com/blog/increase-your-cybersecurity-with-orbi/
Kevek79 Posted September 22, 2020

As already commented, you should never face your server to the internet. But most probably, if the IP is always the one from your router, it might be as described above. Check if vulnerability scans are active on your router.

Please attach your diagnostics file (Tools/Diagnostic) to your next post so someone can look into it.
civic95man Posted September 22, 2020

While it could be a serious hacking attempt, you mentioned you have a Netgear router, which is probably performing vulnerability scans as previously mentioned. Check the router's admin page and see if you can disable "armor". That should disable that "feature" of the router, if you don't want it.
Squid Posted September 22, 2020

Or increase the threshold of what FCP considers to be a hack attempt.
Omeed Posted September 22, 2020 Author Share Posted September 22, 2020 I don't think my server is internet facing. I mean I can access plex remotely but that's it. Also, I attached a link to my logs in my first post. Quote Link to comment