Weird authentication log

  • Good morning,


    Logging into my NAS this morning, I found out it never did shut down. When I investigated the reasons, I found out there are SSH connections always active. I'll paste a snippet of the authentication log, which looks really weird to me.
    http://dpaste.com/16HHDSH
    This continues for about 600 pages of the log. Is someone trying to hack into my server? And if yes, how could I stop this? I am really worried here.

  • Well, but even if I do this it will not stop the connection attempts, right? It will just make it harder for them to succeed. Who the hell does this actually.... seems like some program just randomly targeting whatever it can find. Not like I have anything of real value for a stranger on there.


    EDIT: Well I closed the port and all of this stopped. Currently I do not really need to login from outside so it works for now. Still...fascinating someone would target a small private filehoster.

  • The IP 176.57.141.56 is trying to access the WebIF with users who do not exist (it is a full name and an address from Germany!):


    And the IP 43.229.53.20 is from Hong Kong. He is trying to access your server by SSH.



    The only thing you can do is harden your SSH password, use public key authentication and use another port.
    By the way, there are also the abuse mails inside. So if you want to, you can also abuse them.
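To see which addresses account for the attempts in a log like the one discussed here, and whether any of them also got in, the sketch below summarises sshd lines per source IP. It is an added example, not part of the thread; it assumes the usual OpenSSH syslog wording, and the sample lines and documentation-range IPs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the poster's log).
SAMPLE_LOG = """\
Jun  3 06:25:01 nas sshd[2101]: Failed password for root from 203.0.113.20 port 40122 ssh2
Jun  3 06:25:03 nas sshd[2101]: Failed password for root from 203.0.113.20 port 40122 ssh2
Jun  3 06:25:09 nas sshd[2107]: Failed password for invalid user admin from 203.0.113.20 port 40410 ssh2
Jun  3 06:31:44 nas sshd[2150]: Failed password for invalid user max.mustermann from 198.51.100.56 port 51822 ssh2
Jun  3 07:02:10 nas sshd[2200]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jun  3 07:05:00 nas sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 50030 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return {ip: {"failed": n, "accepted": n, "users": set}} for sshd auth lines."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password/publickey result line
        entry = stats[m["ip"]]
        entry["failed" if m["result"] == "Failed" else "accepted"] += 1
        entry["users"].add(m["user"])
    return dict(stats)

def suspicious(stats, threshold=3):
    """IPs with at least `threshold` failed logins, most active first."""
    hits = [(ip, s) for ip, s in stats.items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda item: -item[1]["failed"])

def failures_with_success(stats, threshold=3):
    """IPs that failed repeatedly and also have an accepted login: check these first."""
    return [ip for ip, s in suspicious(stats, threshold) if s["accepted"] > 0]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in suspicious(stats):
        print(f"{ip}: {s['failed']} failed, users tried: {sorted(s['users'])}")
    print("failures plus a successful login:", failures_with_success(stats) or "none")
```

To run it against a real log, pass the file's contents to `summarize()` instead of `SAMPLE_LOG`.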

  • Send a mail to abuse@g-portal.de, tell them that access attempts are coming from there and ask them to prevent these. They will then notify the tenant of the server in question that he has to stop this.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • To be honest, I didn't even read that you said that. Also, I guess showing him the mail is better than him trying to find it himself.


    Greetings
    David

