Greetings!
I believe ever since I started using my FreeNAS as an FTP Server ( No-IP.com ) I started receiving these freenas.local daily security run output - login failure reports on a daily basis:
As far as I can tell, which probably isn't much, it looks like no one is able to get into my NAS but it sure IS annoying to see these mails like every ****in' day soo... Something I can/should do about this and what the hell is happening anyway - BOT Networks trying to hijack unsecured systems with default passwords?
I believe ever since I started using my FreeNAS as an FTP Server ( No-IP.com ) I started receiving these freenas.local daily security run output - login failure reports on a daily basis:
Code:
freenas.local login failures: Jul 11 00:13:58 freenas sshd[80290]: Failed password for invalid user siteadmin from 188.166.216.84 port 37673 ssh2 Jul 11 00:13:59 freenas sshd[80290]: Disconnected from invalid user siteadmin 188.166.216.84 port 37673 [preauth] Jul 11 00:14:44 freenas sshd[80309]: Failed password for invalid user openvpn from 5.135.161.94 port 46406 ssh2 Jul 11 00:14:44 freenas sshd[80309]: Disconnected from invalid user openvpn 5.135.161.94 port 46406 [preauth] Jul 11 00:28:33 freenas sshd[80882]: Failed password for invalid user test from 36.66.164.143 port 50634 ssh2 Jul 11 00:28:34 freenas sshd[80882]: Disconnected from invalid user test 36.66.164.143 port 50634 [preauth] Jul 11 00:33:21 freenas sshd[81206]: Failed password for invalid user admin from 159.89.204.44 port 61449 ssh2 Jul 11 00:33:21 freenas sshd[81206]: Connection closed by invalid user admin 159.89.204.44 port 61449 [preauth] Jul 11 00:42:03 freenas sshd[81510]: Failed password for invalid user tomcat from 106.51.226.154 port 17690 ssh2 Jul 11 00:42:03 freenas sshd[81510]: Disconnected from invalid user tomcat 106.51.226.154 port 17690 [preauth] Jul 11 00:48:11 freenas sshd[81851]: Failed password for invalid user admin from 81.174.33.242 port 58594 ssh2 Jul 11 00:48:11 freenas sshd[81851]: Connection closed by invalid user admin 81.174.33.242 port 58594 [preauth] Jul 11 00:55:03 freenas sshd[82270]: Failed password for invalid user benjamin from 142.4.204.122 port 47331 ssh2 Jul 11 00:55:03 freenas sshd[82270]: Disconnected from invalid user benjamin 142.4.204.122 port 47331 [preauth] Jul 11 01:09:03 freenas sshd[82937]: Failed password for invalid user pamela from 103.210.73.74 port 31742 ssh2 Jul 11 01:09:03 freenas sshd[82937]: Disconnected from invalid user pamela 103.210.73.74 port 31742 [preauth] Jul 11 01:22:51 freenas sshd[83638]: Failed password for invalid user admin from 151.80.41.189 port 9224 ssh2 Jul 11 01:22:51 freenas sshd[83638]: Connection closed by invalid user admin 151.80.41.189 port 9224 [preauth] Jul 11 01:27:50 freenas sshd[83799]: Failed password for invalid user admin from 52.228.70.145 port 26632 ssh2 Jul 11 01:27:50 freenas sshd[83799]: Connection closed by invalid user admin 52.228.70.145 port 26632 [preauth] Jul 11 01:44:02 freenas sshd[84693]: Failed password for invalid user admin from 5.188.10.76 port 54538 ssh2 Jul 11 01:44:02 freenas sshd[84693]: Failed password for invalid user admin from 5.188.10.76 port 54538 ssh2 Jul 11 01:44:02 freenas sshd[84693]: Failed password for invalid user admin from 5.188.10.76 port 54538 ssh2 Jul 11 01:44:02 freenas sshd[84693]: Connection closed by invalid user admin 5.188.10.76 port 54538 [preauth] Jul 11 01:49:13 freenas sshd[84880]: Failed password for invalid user admin from 87.27.150.229 port 50406 ssh2 Jul 11 01:49:13 freenas sshd[84880]: Disconnected from invalid user admin 87.27.150.229 port 50406 [preauth] Jul 11 02:24:24 freenas sshd[86664]: Failed password for invalid user techuser from 220.163.125.148 port 8680 ssh2 Jul 11 02:24:24 freenas sshd[86664]: Disconnected from invalid user techuser 220.163.125.148 port 8680 [preauth] Jul 11 02:43:30 freenas sshd[87413]: Failed password for invalid user lpa from 124.232.152.123 port 28458 ssh2 Jul 11 02:43:31 freenas sshd[87413]: Disconnected from invalid user lpa 124.232.152.123 port 28458 [preauth] Jul 11 02:44:16 freenas sshd[87637]: Failed password for invalid user admin from 49.236.203.129 port 48500 ssh2 Jul 11 02:44:16 freenas sshd[87637]: Disconnected from invalid user admin 49.236.203.129 port 48500 [preauth] Jul 11 02:48:39 freenas sshd[87766]: Failed password for invalid user webmaster from 80.211.13.50 port 51388 ssh2 Jul 11 02:48:39 freenas sshd[87766]: Disconnected from invalid user webmaster 80.211.13.50 port 51388 [preauth] Jul 11 02:55:43 freenas sshd[88161]: Failed password for invalid user browser from 221.132.85.112 port 55794 ssh2 Jul 11 02:55:43 freenas sshd[88161]: Disconnected from invalid user browser 221.132.85.112 port 55794 [preauth] Jul 11 03:06:33 freenas sshd[89289]: Failed password for invalid user joseph from 195.138.78.102 port 38917 ssh2 Jul 11 03:06:33 freenas sshd[89289]: Disconnected from invalid user joseph 195.138.78.102 port 38917 [preauth] Jul 11 03:15:24 freenas sshd[89830]: Failed password for invalid user admin from 119.29.97.129 port 33614 ssh2 Jul 11 03:15:27 freenas sshd[89830]: Disconnected from invalid user admin 119.29.97.129 port 33614 [preauth] Jul 11 03:16:13 freenas sshd[89849]: Failed password for invalid user admin from 200.68.18.72 port 43272 ssh2 Jul 11 03:16:13 freenas sshd[89849]: Connection closed by invalid user admin 200.68.18.72 port 43272 [preauth] Jul 11 04:28:48 freenas sshd[93583]: Failed password for invalid user wp from 112.78.152.35 port 37035 ssh2 Jul 11 04:28:48 freenas sshd[93583]: Disconnected from invalid user wp 112.78.152.35 port 37035 [preauth] Jul 11 04:35:39 freenas sshd[93950]: Failed password for invalid user admin from 58.250.209.205 port 5513 ssh2 Jul 11 04:35:40 freenas sshd[93950]: Connection closed by invalid user admin 58.250.209.205 port 5513 [preauth] Jul 11 04:35:47 freenas sshd[93952]: Failed password for invalid user admin from 181.211.61.184 port 47639 ssh2 Jul 11 04:35:47 freenas sshd[93952]: Connection closed by invalid user admin 181.211.61.184 port 47639 [preauth] Jul 11 04:35:51 freenas sshd[93979]: Failed password for invalid user admin from 186.47.173.209 port 36744 ssh2 Jul 11 04:35:53 freenas sshd[93979]: Connection closed by invalid user admin 186.47.173.209 port 36744 [preauth] Jul 11 04:41:11 freenas sshd[94145]: Failed password for invalid user admin from 175.126.166.235 port 23305 ssh2 Jul 11 04:41:12 freenas sshd[94145]: Connection closed by invalid user admin 175.126.166.235 port 23305 [preauth] Jul 11 06:17:14 freenas sshd[98892]: Failed password for invalid user history from 51.15.220.125 port 56382 ssh2 Jul 11 06:17:14 freenas sshd[98892]: Disconnected from invalid user history 51.15.220.125 port 56382 [preauth] Jul 11 06:26:12 freenas sshd[99347]: Failed password for invalid user admin from 87.171.219.248 port 42717 ssh2 Jul 11 06:26:12 freenas sshd[99347]: Connection closed by invalid user admin 87.171.219.248 port 42717 [preauth] Jul 11 06:26:20 freenas sshd[99349]: Failed password for invalid user ubnt from 87.171.219.248 port 42873 ssh2 Jul 11 06:26:20 freenas sshd[99349]: Connection closed by invalid user ubnt 87.171.219.248 port 42873 [preauth] Jul 11 06:34:05 freenas sshd[99800]: Failed password for invalid user admin from 183.88.34.220 port 9224 ssh2 Jul 11 06:34:05 freenas sshd[99800]: Connection closed by invalid user admin 183.88.34.220 port 9224 [preauth] Jul 11 06:34:33 freenas sshd[99802]: Failed password for invalid user porteus from 125.22.36.42 port 46926 ssh2 Jul 11 06:34:33 freenas sshd[99802]: Disconnected from invalid user porteus 125.22.36.42 port 46926 [preauth] Jul 11 07:31:17 freenas sshd[2584]: Failed password for invalid user admin from 218.17.223.53 port 55615 ssh2 Jul 11 07:31:17 freenas sshd[2584]: Connection closed by invalid user admin 218.17.223.53 port 55615 [preauth] Jul 11 07:35:00 freenas sshd[2892]: Failed password for invalid user matilda from 210.245.162.231 port 54638 ssh2 Jul 11 07:35:00 freenas sshd[2892]: Disconnected from invalid user matilda 210.245.162.231 port 54638 [preauth] Jul 11 07:43:38 freenas sshd[3141]: Failed password for invalid user admin from 123.30.16.218 port 40954 ssh2 Jul 11 07:43:39 freenas sshd[3141]: Disconnected from invalid user admin 123.30.16.218 port 40954 [preauth] Jul 11 08:00:28 freenas sshd[4208]: Failed password for invalid user michael from 122.152.197.189 port 46908 ssh2 Jul 11 08:00:29 freenas sshd[4208]: Disconnected from invalid user michael 122.152.197.189 port 46908 [preauth] Jul 11 08:05:25 freenas sshd[4396]: Failed password for invalid user admin from 5.188.10.76 port 50653 ssh2 Jul 11 08:05:25 freenas sshd[4396]: Connection closed by invalid user admin 5.188.10.76 port 50653 [preauth] Jul 11 08:05:26 freenas sshd[4398]: Failed password for invalid user admins from 5.188.10.76 port 46090 ssh2 Jul 11 08:05:26 freenas sshd[4398]: Connection closed by invalid user admins 5.188.10.76 port 46090 [preauth] Jul 11 08:05:27 freenas sshd[4400]: Failed password for invalid user apache from 5.188.10.76 port 57910 ssh2 Jul 11 08:05:27 freenas sshd[4400]: Connection closed by invalid user apache 5.188.10.76 port 57910 [preauth] Jul 11 08:13:17 freenas sshd[4786]: Failed password for invalid user theodore from 182.23.45.72 port 30423 ssh2 Jul 11 08:13:17 freenas sshd[4786]: Disconnected from invalid user theodore 182.23.45.72 port 30423 [preauth] Jul 11 08:39:32 freenas sshd[6005]: Failed password for invalid user pi from 93.182.234.245 port 35298 ssh2 Jul 11 08:39:32 freenas sshd[6007]: Failed password for invalid user pi from 93.182.234.245 port 35302 ssh2 Jul 11 08:39:32 freenas sshd[6005]: Connection closed by invalid user pi 93.182.234.245 port 35298 [preauth] Jul 11 08:39:32 freenas sshd[6007]: Connection closed by invalid user pi 93.182.234.245 port 35302 [preauth] Jul 11 11:12:04 freenas sshd[13554]: invalid public DH value: <= 1 [preauth] Jul 11 12:51:43 freenas sshd[18243]: Failed none for invalid user 0 from 5.188.10.76 port 39039 ssh2 Jul 11 12:51:43 freenas sshd[18243]: Failed password for invalid user 0 from 5.188.10.76 port 39039 ssh2 Jul 11 12:51:43 freenas sshd[18243]: Connection closed by invalid user 0 5.188.10.76 port 39039 [preauth] Jul 11 12:51:44 freenas sshd[18245]: Failed password for invalid user 0101 from 5.188.10.76 port 36314 ssh2 Jul 11 12:51:44 freenas sshd[18245]: Connection closed by invalid user 0101 5.188.10.76 port 36314 [preauth] Jul 11 13:29:18 freenas sshd[20193]: Disconnecting authenticating user root 42.7.26.88 port 57146: Too many authentication failures [preauth] Jul 11 13:29:24 freenas sshd[20195]: Disconnecting authenticating user root 42.7.26.88 port 4960: Too many authentication failures [preauth] Jul 11 13:29:39 freenas sshd[20197]: Disconnecting authenticating user root 42.7.26.88 port 18140: Too many authentication failures [preauth] Jul 11 13:29:55 freenas sshd[20199]: Disconnecting authenticating user root 42.7.26.88 port 48312: Too many authentication failures [preauth] Jul 11 13:30:01 freenas sshd[20201]: Disconnecting authenticating user root 42.7.26.88 port 12900: Too many authentication failures [preauth] Jul 11 13:30:07 freenas sshd[20224]: Disconnecting authenticating user root 42.7.26.88 port 23358: Too many authentication failures [preauth] Jul 11 13:30:14 freenas sshd[20226]: Disconnecting authenticating user root 42.7.26.88 port 35550: Too many authentication failures [preauth] Jul 11 13:30:20 freenas sshd[20233]: Disconnecting authenticating user root 42.7.26.88 port 47902: Too many authentication failures [preauth] Jul 11 13:30:35 freenas sshd[20235]: Disconnecting authenticating user root 42.7.26.88 port 58766: Too many authentication failures [preauth] Jul 11 13:30:54 freenas sshd[20237]: Disconnecting authenticating user root 42.7.26.88 port 26260: Too many authentication failures [preauth] Jul 11 13:31:00 freenas sshd[20239]: Disconnecting authenticating user root 42.7.26.88 port 63890: Too many authentication failures [preauth] Jul 11 13:31:07 freenas sshd[20270]: Disconnecting authenticating user root 42.7.26.88 port 11892: Too many authentication failures [preauth] Jul 11 14:47:42 freenas sshd[24015]: Failed password for invalid user srvadmin from 115.84.91.64 port 52058 ssh2 Jul 11 14:47:43 freenas sshd[24015]: Disconnected from invalid user srvadmin 115.84.91.64 port 52058 [preauth] Jul 11 15:50:54 freenas sshd[27065]: Failed password for invalid user pi from 121.168.243.9 port 60280 ssh2 Jul 11 15:50:54 freenas sshd[27067]: Failed password for invalid user pi from 121.168.243.9 port 60281 ssh2 Jul 11 15:50:54 freenas sshd[27065]: Connection closed by invalid user pi 121.168.243.9 port 60280 [preauth] Jul 11 15:50:55 freenas sshd[27067]: Connection closed by invalid user pi 121.168.243.9 port 60281 [preauth] Jul 11 16:24:32 freenas sshd[28821]: Failed password for invalid user phion from 58.59.113.229 port 36414 ssh2 Jul 11 16:24:33 freenas sshd[28821]: Disconnected from invalid user phion 58.59.113.229 port 36414 [preauth] Jul 11 16:27:08 freenas sshd[28885]: Failed password for invalid user admin from 49.236.214.75 port 60155 ssh2 Jul 11 16:27:08 freenas sshd[28885]: Connection closed by invalid user admin 49.236.214.75 port 60155 [preauth] Jul 11 16:27:12 freenas sshd[28887]: Failed password for invalid user admin from 171.6.149.208 port 40476 ssh2 Jul 11 16:27:12 freenas sshd[28887]: Connection closed by invalid user admin 171.6.149.208 port 40476 [preauth] Jul 11 16:27:22 freenas sshd[28889]: Failed password for invalid user admin from 119.85.156.207 port 43239 ssh2 Jul 11 16:27:22 freenas sshd[28889]: Connection closed by invalid user admin 119.85.156.207 port 43239 [preauth] Jul 11 16:51:44 freenas sshd[30008]: Failed password for invalid user admin from 202.91.82.52 port 1802 ssh2 Jul 11 16:51:44 freenas sshd[30008]: Connection closed by invalid user admin 202.91.82.52 port 1802 [preauth] Jul 11 18:44:32 freenas sshd[35626]: Failed password for invalid user 1234 from 5.188.10.76 port 36599 ssh2 Jul 11 18:44:32 freenas sshd[35626]: Connection closed by invalid user 1234 5.188.10.76 port 36599 [preauth] Jul 11 18:44:33 freenas sshd[35628]: Failed none for invalid user admin from 5.188.10.76 port 39698 ssh2 Jul 11 18:44:33 freenas sshd[35628]: Failed password for invalid user admin from 5.188.10.76 port 39698 ssh2 Jul 11 18:44:33 freenas sshd[35628]: Connection closed by invalid user admin 5.188.10.76 port 39698 [preauth] Jul 11 19:04:10 freenas sshd[36611]: Failed password for invalid user admin from 37.59.46.226 port 51558 ssh2 Jul 11 19:04:10 freenas sshd[36611]: Connection closed by invalid user admin 37.59.46.226 port 51558 [preauth] Jul 11 20:32:52 freenas sshd[40795]: Failed password for invalid user admin from 218.53.106.7 port 3594 ssh2 Jul 11 20:32:53 freenas sshd[40795]: Connection closed by invalid user admin 218.53.106.7 port 3594 [preauth] Jul 11 20:51:53 freenas sshd[41730]: Failed password for invalid user admin from 122.224.55.204 port 47112 ssh2 Jul 11 20:51:53 freenas sshd[41730]: Connection closed by invalid user admin 122.224.55.204 port 47112 [preauth] Jul 11 21:00:00 freenas sshd[42159]: Failed password for invalid user admin from 191.103.29.200 port 7945 ssh2 Jul 11 21:00:00 freenas sshd[42159]: Connection closed by invalid user admin 191.103.29.200 port 7945 [preauth] Jul 11 21:13:49 freenas sshd[42926]: Failed password for invalid user test2 from 213.86.173.228 port 9224 ssh2 Jul 11 21:13:49 freenas sshd[42926]: Connection closed by invalid user test2 213.86.173.228 port 9224 [preauth] Jul 11 21:31:00 freenas sshd[43671]: Failed password for invalid user admin from 119.145.120.162 port 28937 ssh2 Jul 11 21:31:00 freenas sshd[43671]: Connection closed by invalid user admin 119.145.120.162 port 28937 [preauth] Jul 11 21:50:34 freenas sshd[44623]: Failed password for invalid user admin from 220.173.143.203 port 9642 ssh2 Jul 11 21:50:35 freenas sshd[44623]: Connection closed by invalid user admin 220.173.143.203 port 9642 [preauth] Jul 11 22:45:33 freenas sshd[47391]: Failed password for invalid user admin from 77.55.222.88 port 38152 ssh2 Jul 11 22:45:33 freenas sshd[47391]: Connection closed by invalid user admin 77.55.222.88 port 38152 [preauth] Jul 11 23:59:19 freenas sshd[51804]: Failed password for invalid user danny from 96.68.174.209 port 5314 ssh2 Jul 11 23:59:20 freenas sshd[51804]: Disconnected from invalid user danny 96.68.174.209 port 5314 [preauth] -- End of security output --
As far as I can tell, which probably isn't much, it looks like no one is able to get into my NAS but it sure IS annoying to see these mails like every ****in' day soo... Something I can/should do about this and what the hell is happening anyway - BOT Networks trying to hijack unsecured systems with default passwords?
Last edited by a moderator: