Is this many attacks normal?

  • I don't usually check my auth log, but last night I did and I had apparently been targeted by someone in China. So I modified my iptables to block him and upgraded a few things security-wise and all was fine again. But around 8pm today I started getting hit from someone in Turkey, every few seconds (example in the code box). They're not getting through, but really trying. I even decided to just close all my ports (now I can't even SSH outside my house lol). I'm just curious if this is normal, or if I should contact my provider (Comcast) and tell them there are malicious attacks against my IP and hope they give me a new IP (it hasn't changed in 2 years).


    Dell Precision T3500
    Processor:
    Intel Core i7 960 @3.2ghz
    Memory:
    26GB RAM
    Kernel: Linux 5.10.0-0.bpo.9-amd64
    Version: 5.6.2-1 (Usul) Debian Buster [From Fresh Install of 5]
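
Added example, not part of the original thread: a short Python script that tallies failed sshd authentication events per source address from auth.log text and flags any source that exceeds a threshold inside a time window, which is the kind of repeated probing the post above describes. The log lines are constructed samples using documentation address ranges, and the `maxretry`/`findtime` names, their values and the `year` default are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Debian auth.log format (documentation IP ranges).
SAMPLE_LOG = """\
Mar 14 20:01:02 nas sshd[2101]: Invalid user admin from 203.0.113.45 port 40112
Mar 14 20:01:04 nas sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40112 ssh2
Mar 14 20:01:09 nas sshd[2105]: Failed password for root from 203.0.113.45 port 40120 ssh2
Mar 14 20:01:15 nas sshd[2109]: Failed password for invalid user pi from 203.0.113.45 port 40133 ssh2
Mar 14 20:03:40 nas sshd[2150]: Accepted publickey for root from 192.168.1.20 port 51514 ssh2
Mar 14 20:07:51 nas sshd[2188]: Failed password for root from 198.51.100.7 port 33010 ssh2
Mar 14 20:09:12 nas sshd[2190]: Connection closed by authenticating user root 203.0.113.45 port 40140 [preauth]
"""

# One failure event per attempt: password failures and pre-auth disconnects.
# The bare "Invalid user" line is skipped so one attempt is not counted twice.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+ from (?P<ip1>\S+) port \d+"
    r"|(?:Connection closed by|Disconnected from) (?:authenticating|invalid) user "
    r"\S+ (?P<ip2>\S+) port \d+ \[preauth\])"
)

def failures_by_source(log_text, year=2021):
    """Return {ip: [datetime, ...]} for failed sshd authentication events."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            # auth.log timestamps carry no year, so one is supplied (assumed).
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip1"] or m["ip2"]].append(when)
    return hits

def offenders(hits, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside any findtime window."""
    flagged = []
    for ip, times in hits.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    hits = failures_by_source(SAMPLE_LOG)
    for ip in offenders(hits):
        print(ip, len(hits[ip]), "failed attempts")
```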

    • Official post

    It's pretty normal if you have SSH WAN port 22 open. Forward a high random port on WAN to LAN 22 in OMV. Also use a private RSA key to authenticate and deactivate password access.
    There is a guide on how to secure SSH access in the forum.

  • IP renewal is a good thing to stop those attacks but only helps if they use the IP instead of the DynDNS name.


    Like the auth.log says, these could be possible break-in attempts. I'd close all ports you do not need and switch to VPN instead.
    If you really need SSH access remotely, have a look at this great guide from sub - [GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)


    Rerouting well-known ports to random higher ports is also a good idea.


    Contacting your provider may also help.

  • Oh, my SSH is private key only. Already did all that lol. And VPN costs money. Comcast said they couldn't change my IP because it is DHCP, utter BS IMO, they're just lazy. @subzero79 how do I forward a high WAN port to 22 in OMV?



    Extra Q if either of you want to answer it: how do I make this script (blocklist.sh) run after boot? I already tried `crontab -e` as root and added `@restart /etc/blocklist.sh`, and also tried adding the script to `/etc/network/if-pre-up.d/iptables`, and also tried to add it to init.d and update, but got an error that it couldn't do it because it required watchdog or something.



  • @WastlJ Oh I thought he meant actually within OMV lol. I was like, cool, how lol!?



    And yeah, it is executable. I can call it via the scheduler GUI and run it as root, and also just execute it with /etc/blocklist.sh


    I'm just not sure why it's not creating the ipset tables and adding them to iptables. After reboot I check and they're not there. I have to run it manually after boot. I'm trying something new with it though. Trying to see if it'll create the sets without adding the tables, then have it execute an extra command to move a 2nd file to restore


  • And VPN costs money.



    I've been using VPN for over 10 years and never paid a dime. What do you think we have the 2 OpenVPN plugins for??? The community version is free, period. The OpenVPN Access version is free unless you want more than 2 users to connect at the same time.

  • The OpenVPN Access version is free unless you want more than 2 users to connect at the same time.


    I read that OpenVPN doesn't work with torrents. I download my weekly anime with torrents lol


  • apt-get install fail2ban


    Yeah, going to do that today. Was working on something yesterday that stopped that lol

