Is my Freenas been hacked?

mvcad

Contributor
Joined
Feb 25, 2018
Messages
116
Hi all, I've got this messages today.
Code:
Nov  3 00:16:37 MVfreenas sshd[47927]: error: maximum authentication attempts exceeded for root from 5.189.164.178 port 46035 ssh2 [preauth]
Nov  3 13:27:34 MVfreenas sshd[20613]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:27:35 MVfreenas sshd[20615]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:27:41 MVfreenas sshd[20618]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:28:09 MVfreenas sshd[20676]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:28:10 MVfreenas sshd[20678]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:28:14 MVfreenas sshd[20680]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:31:46 MVfreenas sshd[20966]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:31:49 MVfreenas sshd[20968]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  3 13:33:14 MVfreenas sshd[21118]: fatal: userauth_pubkey: incomplete message [preauth]
Nov  4 00:00:00 MVfreenas syslog-ng[2493]: Configuration reload request received, reloading configuration;
Nov  4 00:00:00 MVfreenas syslog-ng[2493]: Configuration reload finished;
Nov  3 23:27:57 MVfreenas /middlewared[238]: ECDSA Fingerprint of the SSH KEY: **********************************


What does it mean. Did the hacker get access to my system?
As a precaution I closed the port on my modem that I was using to ssh to my NAS from the internet, and I also disabled ssh service.
anything else I should do? any tips to prevent this in the future?

I am not an IT professional so any hell is greatly appreciated

Thanks for reading and have a nice day.

Hardware in my signature.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
I closed the port on my modem that I was using to ssh to my NAS from the internet
Good. Don't open it again. If you need to remotely access resources on your LAN, use a VPN.
 

mvcad

Contributor
Joined
Feb 25, 2018
Messages
116
Good. Don't open it again. If you need to remotely access resources on your LAN, use a VPN.
Thanks, I already have an OpenVPN server implemented, so from no on I will use it as the only mean to access my LAN over internet.
Even though I closed the port, is there any chance the hacker still has access to my system? I ask this beacause of the fingerprint message on my console.
 
Top