Second time this week I got an email from my omv, that
The following users are locked/banned or are candidates for too many failed login attempts:
Login Failures Latest failure From
root 1 07/06/19 07:40:09 unknown
You can reset their counters and unlock them via the omv-firstaid command.
The server is at home, the router has no access from wan. So - means that someone hacked my router or is hacked another machine in my household? Is it possible to check IP? Does it mean locikng on ssh or smb or ftp? Thank you very much - its the first time I see such a problem.