September 22, 20205 yr I got the following message: Possible Hack Attempt on Sep 17On Sep 17 there were 297 invalid login attempts. This could either be yourself attempting to login to your server (SSH / Telnet) with the wrong user or password, or you could be actively be the victim of hack attacks. A common cause of this would be placing your server within your router's DMZ, or improperly forwarding ports. This is a major issue and needs to be addressed IMMEDIATELY NOTE: Because this check is done against the logged entries in the syslog, the only way to clear it is to either increase the number of allowed invalid logins per day (if determined that it is not a hack attempt) or to reset your server. It is not recommended under any circumstance to ignore this error I'm not an expert user by any means. I use my unraid server mostly for Plex and a pi-hole. I have attached the log, and it shows the hacking attempts are coming from my router. Any possible advice? I have Netgear orbi router with one satellite. The satellite is wired to my server. You may have to dumb it down for me. Thank you in advance. https://linksharing.samsungcloud.com/RcjuDMQBA3fN
September 22, 20205 yr Community Expert If your server isn't internet facing, which it should never be, your router is probably performing vulnerability scans on your network https://blog.netgear.com/blog/increase-your-cybersecurity-with-orbi/
September 22, 20205 yr As allready commented, you should never face your server to the internet. But most probably if the IP is always the one from your router, it might be as described above. Check if vulnarability scans are active on your router. Please attach your diagnostics file (Tools/Diagnostic) to your next post so someone can look into it. Edited September 22, 20205 yr by Kevek79 Typo
September 22, 20205 yr While it could be a serious hacking attempt, you mentioned you have netgear router, which is probably performing vulnerability scans as previously mentioned. Check the router's admin page and see if you can disable "armor". That should disable that "feature" of the router, if you don't want it.
September 22, 20205 yr Author I don't think my server is internet facing. I mean I can access plex remotely but that's it. Also, I attached a link to my logs in my first post.
Archived
This topic is now archived and is closed to further replies.