SSH connection from my OMV to unknown IP
- OMV 3.x
- sergejp
https://www.whois.com/whois/123.183.209.137
Greetings from China
-
You need to change that root password NOW. If you can't, then reinstall the system. Who knows what stuff that Chinese hacker has installed.
- Do not open your SSH on port 22 to the internet if you don't know what you're doing.
- If you do open your SSH to the internet:
- Use public key authentication, never password authentication.
- Always disable root access and never allow default account names ('admin', 'pi', etc...)
- Use a random port number that only you know. Never use 22.
-
Thank you.
fail2ban is configured.
But these activities are a surprise to me.
-
You need to change that root password NOW. If you can't, then reinstall the system. Who knows what stuff that Chinese hacker has installed.
I think if hackers know the root password, they can upload the SSH keys they need.
Maybe this situation is tied to backdoors in the OMV software?
-
There is no backdoor in OMV. I just think you have your SSH port 22 open to the internet, don't you?
-
I think if hackers know the root password, they can upload the SSH keys they need.
If you are worried about that, delete/edit/inspect the ~/.ssh/authorized_keys for each user.
-
You were hacked because you left your SSH access open to the internet, on port 22, and with root enabled. You must NEVER do that.
The script kiddies (often from China and Russia) run scripts that scan IP addresses for SSH access, mainly on port 22, and try to brute-force passwords for common user names, like "pi", "root", "admin", "user", common first names, etc... Password access is NOT safe.
The safest way to allow SSH access is to:
- Use a different port than 22.
- Do not enable 'root' or any other common user name with SSH access.
- Use public/private key authorization instead of password authorization.
At this stage, you HAVE been hacked and your system HAS been compromised. Someone might have introduced any kind of malware on your machine. The best thing you can do now is to reinstall OMV, change usernames, change passwords, and take the above measures.
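The following script is an added example, not code posted in this thread and not part of OpenMediaVault. It turns the checklist in the post above (port, root login, password vs. key authentication) and the authorized_keys review suggested two posts up into something you can run against a box you suspect. The sshd_config files, the passwd file and the key blobs are constructed placeholders; on a live system you would point it at /etc/ssh/sshd_config and /etc/passwd with an empty root directory argument. One caveat the checklist does not mention is covered by the audit: with UsePAM yes, leaving ChallengeResponseAuthentication at its default of yes still lets sshd prompt for the Unix password through keyboard-interactive even after PasswordAuthentication is set to no.

```shell
#!/bin/sh
# Added example (not from the forum thread, not OMV code): audit an sshd_config
# for the settings recommended above and list every authorized_keys entry a
# user could still log in with.  All paths and key material are constructed.

# Effective value of a global sshd_config keyword.  sshd honours the FIRST
# occurrence, keyword matching is case-insensitive, '#' starts a comment, and
# everything after a 'Match' line is conditional, so we stop there.
# Usage: sshd_opt FILE KEYWORD DEFAULT
sshd_opt() {
    v=$(sed 's/#.*//' "$1" | awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print $2; exit }')
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# One line per finding.  PermitRootLogin is reported as "unset" when absent
# because its compiled-in default changed across OpenSSH versions (yes before
# 7.0, prohibit-password since), which is why it should always be set explicitly.
audit_sshd_config() {
    cfg=$1
    port=$(sshd_opt "$cfg" Port 22)
    root=$(sshd_opt "$cfg" PermitRootLogin unset)
    pass=$(sshd_opt "$cfg" PasswordAuthentication yes)
    pubk=$(sshd_opt "$cfg" PubkeyAuthentication yes)
    chal=$(sshd_opt "$cfg" ChallengeResponseAuthentication yes)
    pam=$(sshd_opt "$cfg" UsePAM no)
    [ "$port" = 22 ]   && echo "Port is 22: every scanner tries this first"
    [ "$root" != no ]  && echo "PermitRootLogin is '$root': set it to 'no'"
    [ "$pass" != no ]  && echo "PasswordAuthentication is '$pass': brute-forceable"
    [ "$pubk" != yes ] && echo "PubkeyAuthentication is '$pubk': key login disabled"
    # With PAM, keyboard-interactive can still ask for the Unix password even
    # when PasswordAuthentication is no.
    [ "$pam" = yes ] && [ "$chal" != no ] &&
        echo "ChallengeResponseAuthentication is '$chal' with UsePAM yes: passwords still accepted via keyboard-interactive"
    return 0
}
count_sshd_issues() { audit_sshd_config "$1" | wc -l | tr -d ' '; }

# Every non-comment authorized_keys line as "user<TAB>file<TAB>entry".
# Usage: list_authorized_keys PASSWD_FILE ROOTDIR  (ROOTDIR="" for the live system)
list_authorized_keys() {
    while IFS=: read -r user _ _ _ _ home _; do
        f="$2$home/.ssh/authorized_keys"
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" | while IFS= read -r line; do
            printf '%s\t%s\t%s\n' "$user" "$f" "$line"
        done
    done < "$1"
    return 0
}
count_authorized_keys() { list_authorized_keys "$1" "$2" | wc -l | tr -d ' '; }

# --- constructed sample data -------------------------------------------------
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Roughly the setup described in the thread.
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$TMP/sshd_config.weak"
# Passwords "disabled" but the PAM keyboard-interactive path left open.
printf '%s\n' 'Port 48222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'UsePAM yes' > "$TMP/sshd_config.half"
# Follows the advice above (48222 and sergejp are example values).
printf '%s\n' 'Port 48222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' 'UsePAM yes' \
    'AllowUsers sergejp' > "$TMP/sshd_config.hardened"

mkdir -p "$TMP/fs/etc" "$TMP/fs/root/.ssh" "$TMP/fs/home/sergejp/.ssh"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
    'sergejp:x:1000:1000:sergejp:/home/sergejp:/bin/bash' > "$TMP/fs/etc/passwd"
# Placeholder blobs, not real keys.  The second root entry is the kind of
# line you would not recognise after a root-password compromise.
printf '%s\n' '# keys for root' \
    'ssh-ed25519 AAAAC3...PLACEHOLDER... admin@laptop' \
    'ssh-rsa AAAAB3...PLACEHOLDER... unknown@unknown' > "$TMP/fs/root/.ssh/authorized_keys"
printf '%s\n' 'ssh-ed25519 AAAAC3...PLACEHOLDER... sergejp@laptop' \
    > "$TMP/fs/home/sergejp/.ssh/authorized_keys"

for c in weak half hardened; do
    echo "== sshd_config.$c: $(count_sshd_issues "$TMP/sshd_config.$c") finding(s)"
    audit_sshd_config "$TMP/sshd_config.$c"
done
echo "== authorized_keys entries (question every line you did not add yourself)"
list_authorized_keys "$TMP/fs/etc/passwd" "$TMP/fs"
```

Run it as-is to see the three configurations side by side; the "half" configuration is the instructive one, since it looks hardened until the keyboard-interactive finding appears. Against a real machine, call `audit_sshd_config /etc/ssh/sshd_config` and `list_authorized_keys /etc/passwd ""` as root, and treat any key you cannot account for as grounds for the reinstall the post recommends rather than as something to simply delete.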
-
Thank you.
I agree, using port 22 is a bad idea. The port is changed.
Using private key authorization is obligatory.
For brute-force prevention I use fail2ban with strict rules.
I don't use common user names.
Thank you all for your cooperation.
The situation is resolved.