Is this many attacks normal?

  • I don't usually check my auth log, but last night I did and I had apparently been targeted by someone in China. So I modified my iptables to block him and upgraded a few things security-wise and all was fine again. But around 8pm today I started getting hit from someone in Turkey, every few seconds (example in the code box). They're not getting through, but really trying. I even decided to just close all my ports (now I can't even SSH outside my house lol). I'm just curious if this is normal, or if I should contact my provider (Comcast) and tell them there are malicious attacks against my IP and hope they give me a new IP (it hasn't changed in 2 years).




    Asus Eee PC 1005PE
    Processor:
    Intel(R) Atom(TM) CPU N450 @ 1.66GHz
    Memory:
    1GB RAM
    Kernel:
    Linux 2.6.32-5-amd64
    Version: 2.0.7 (Stone burner)

  • IP renewal is a good way to stop those attacks, but it only helps if they use the IP instead of the DynDNS name.


    Like the auth.log says, these could be possible break-in attempts. I'd close all ports you do not need and switch to VPN instead.
    If you really need SSH access remotely, have a look at this great guide from sub - [GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)


    Rerouting well-known ports to random higher ports is also a good idea.


    Contacting your provider may also help.

    OMV 4.x| HP Microserver | 256GB Samsung 830 SSD for system | 4x 2TB in a RAID5
    OMV 4.x| Odroid XU4 | 5TB Data drive | 500GB Backup drive
    OMV 5.x| Raspberry Pi 4 | 6TB Data drive | 500GB SSD drive
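
An added example, not part of the thread: one way to see which sources in auth.log are hammering sshd "every few seconds", as a starting point for a block list. The log lines, the hostname `omv`, the addresses (documentation ranges) and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the style of Debian's /var/log/auth.log (not from the thread).
SAMPLE = """\
Mar  3 20:01:02 omv sshd[2101]: Invalid user admin from 203.0.113.7
Mar  3 20:01:05 omv sshd[2103]: Invalid user test from 203.0.113.7
Mar  3 20:01:09 omv sshd[2105]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 20:01:12 omv sshd[2107]: reverse mapping checking getaddrinfo for host.example [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 20:05:40 omv sshd[2120]: Failed password for invalid user pi from 198.51.100.23 port 51514 ssh2
Mar  3 21:30:00 omv sshd[2150]: Accepted publickey for root from 192.0.2.10 port 50022 ssh2
Mar  3 22:10:11 omv sshd[2170]: Failed password for invalid user pi from 198.51.100.23 port 51600 ssh2
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Syslog prefix: "Mmm dd hh:mm:ss host sshd[pid]: message"
LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# sshd messages that indicate a rejected or suspicious connection attempt.
PATTERNS = [
    re.compile(r"Failed password for (?:invalid user )?\S+ from " + IP),
    re.compile(r"^Invalid user \S+ from " + IP),
    re.compile(r"\[" + IP.replace("<ip>", "<ip>") + r"\] failed - POSSIBLE BREAK-IN ATTEMPT"),
]

def suspicious_sources(log_text, min_events=3, window_s=60):
    """Return {ip: total_events} for IPs with >= min_events inside any window_s-second span."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for pat in PATTERNS:
            hit = pat.search(m["msg"])
            if hit:
                # Syslog timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
                ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
                events[hit["ip"]].append(ts)
                break
    flagged = {}
    for ip, stamps in events.items():
        stamps.sort()
        for i in range(len(stamps) - min_events + 1):
            if (stamps[i + min_events - 1] - stamps[i]).total_seconds() <= window_s:
                flagged[ip] = len(stamps)
                break
    return flagged

if __name__ == "__main__":
    for ip, count in suspicious_sources(SAMPLE).items():
        print(f"{ip}\t{count} failed attempts")
```

The slow retry from 198.51.100.23 stays below the burst threshold and the accepted public-key login is ignored, so only the rapid source is reported.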

  • Oh, my SSH is private key only. Already did all that lol. And VPN costs money. Comcast said they couldn't change my IP because it is DHCP, utter BS IMO, they're just lazy. @subzero79 how do I forward a high WAN port to 22 in OMV?



    Extra Q if either of you want to answer it: how to make this script (blocklist.sh) run after boot? I already tried `crontab -e` as root and added `@restart /etc/blocklist.sh`, and also tried adding the script to `/etc/network/if-pre-up.d/iptables`, and also tried to add it to init.d and update, but got an error that it couldn't do it because it required watchdog or something.





  • how do I forward a high wan port to 22 in OMV?


    You have to configure this in your router.


    `@restart /etc/blocklist.sh`


    Is the script executable (`chmod +x`)? What is the output of `env -i /etc/blocklist.sh`?


  • @WastlJ Oh I thought he meant actually within OMV lol. I was like, cool, how lol!?



    And yeah, it is executable. I can call it via the scheduler GUI and run as root and also just execute with /etc/blocklist.sh


    I'm just not sure why it's not creating the ipset tables and adding them to iptables. After reboot I check and they're not there. Have to run it manually after boot. I'm trying something new though with it. Trying to see if it'll create the sets without adding the tables, then have it execute an extra command to move a 2nd file to restore




  • The OpenVPN Access version is free unless you want more than 2 users to connect at the same time.


    I read that OpenVPN doesn't work with torrents. I download my weekly anime with torrents lol



