SOLVED Unusual Authentication Activity in Security Logs

Status
Not open for further replies.

villo

Dabbler
Joined
Apr 3, 2015
Messages
19
I started seeing some unusual activity in authentication logs and would like to establish if anyone has any experience with this and if:

1) is it malicious?
2) can it be prevented? Without taking the server offline

Code:
Nov  5 02:37:29 freenas sshd[91629]: Invalid user admin from 195.154.47.194 port 57569
Nov  5 02:37:29 freenas sshd[91629]: input_userauth_request: invalid user admin [preauth]
Nov  5 02:37:29 freenas sshd[91629]: Failed password for invalid user admin from 195.154.47.194 port 57569 ssh2
Nov  5 02:37:32 freenas sshd[91631]: Invalid user admin from 195.154.47.194 port 57682
Nov  5 02:37:32 freenas sshd[91631]: input_userauth_request: invalid user admin [preauth]
Nov  5 02:37:32 freenas sshd[91631]: Failed password for invalid user admin from 195.154.47.194 port 57682 ssh2
Nov  5 02:37:34 freenas sshd[91633]: Invalid user admin from 195.154.47.194 port 57819
Nov  5 02:37:34 freenas sshd[91633]: input_userauth_request: invalid user admin [preauth]
Nov  5 02:37:34 freenas sshd[91633]: Failed password for invalid user admin from 195.154.47.194 port 57819 ssh2
Nov  5 02:37:36 freenas sshd[91635]: Invalid user mobile from 195.154.47.194 port 57926
Nov  5 02:37:36 freenas sshd[91635]: input_userauth_request: invalid user mobile [preauth]
Nov  5 02:37:36 freenas sshd[91635]: Failed password for invalid user mobile from 195.154.47.194 port 57926 ssh2
Nov  5 02:37:39 freenas sshd[91637]: Invalid user monitor from 195.154.47.194 port 58054
Nov  5 02:37:39 freenas sshd[91637]: input_userauth_request: invalid user monitor [preauth]
Nov  5 02:37:39 freenas sshd[91637]: Failed password for invalid user monitor from 195.154.47.194 port 58054 ssh2
Nov  5 02:37:41 freenas sshd[91639]: Invalid user pi from 195.154.47.194 port 58178
Nov  5 02:37:41 freenas sshd[91639]: input_userauth_request: invalid user pi [preauth]
Nov  5 02:37:41 freenas sshd[91639]: Failed password for invalid user pi from 195.154.47.194 port 58178 ssh2
Nov  5 02:37:43 freenas sshd[91641]: Failed password for root from 195.154.47.194 port 58292ssh2
Nov  5 02:37:45 freenas sshd[91643]: Invalid user ubnt from 195.154.47.194 port 58454
Nov  5 02:37:45 freenas sshd[91643]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 02:37:45 freenas sshd[91643]: Failed password for invalid user ubnt from 195.154.47.194 port 58454 ssh2
Nov  5 07:09:57 freenas sshd[11645]: Invalid user support from 103.207.38.120 port 53217
Nov  5 07:09:57 freenas sshd[11645]: input_userauth_request: invalid user support [preauth]
Nov  5 07:09:57 freenas sshd[11645]: Failed password for invalid user support from 103.207.38.120 port 53217 ssh2
Nov  5 07:09:58 freenas sshd[11645]: error: Received disconnect from 103.207.38.120 port 53217:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Nov  5 07:39:56 freenas sshd[13671]: Invalid user admin from 46.17.97.112 port 43349
Nov  5 07:39:56 freenas sshd[13671]: input_userauth_request: invalid user admin [preauth]
Nov  5 07:39:56 freenas sshd[13671]: Failed password for invalid user admin from 46.17.97.112 port 43349 ssh2
Nov  5 07:39:58 freenas sshd[13673]: Invalid user admin from 171.25.193.20 port 49256
Nov  5 07:39:58 freenas sshd[13673]: input_userauth_request: invalid user admin [preauth]
Nov  5 07:39:58 freenas sshd[13673]: Failed password for invalid user admin from 171.25.193.20 port 49256 ssh2
Nov  5 07:40:07 freenas sshd[13706]: Invalid user admin from 85.248.227.164 port 36218
Nov  5 07:40:07 freenas sshd[13706]: input_userauth_request: invalid user admin [preauth]
Nov  5 07:40:07 freenas sshd[13706]: Failed password for invalid user admin from 85.248.227.164 port 36218 ssh2
Nov  5 08:02:37 freenas sshd[15370]: Invalid user admin from 195.154.47.194 port 57889
Nov  5 08:02:37 freenas sshd[15370]: input_userauth_request: invalid user admin [preauth]
Nov  5 08:02:37 freenas sshd[15370]: Failed password for invalid user admin from 195.154.47.194 port 57889 ssh2
Nov  5 08:02:40 freenas sshd[15372]: Invalid user admin from 195.154.47.194 port 58044
Nov  5 08:02:40 freenas sshd[15372]: input_userauth_request: invalid user admin [preauth]
Nov  5 08:02:40 freenas sshd[15372]: Failed password for invalid user admin from 195.154.47.194 port 58044 ssh2
Nov  5 08:02:42 freenas sshd[15374]: Invalid user admin from 195.154.47.194 port 58150
Nov  5 08:02:42 freenas sshd[15374]: input_userauth_request: invalid user admin [preauth]
Nov  5 08:02:42 freenas sshd[15374]: Failed password for invalid user admin from 195.154.47.194 port 58150 ssh2
Nov  5 08:02:45 freenas sshd[15376]: Invalid user mobile from 195.154.47.194 port 58292
Nov  5 08:02:45 freenas sshd[15376]: input_userauth_request: invalid user mobile [preauth]
Nov  5 08:02:45 freenas sshd[15376]: Failed password for invalid user mobile from 195.154.47.194 port 58292 ssh2
Nov  5 08:02:48 freenas sshd[15394]: Invalid user monitor from 195.154.47.194 port 58422
Nov  5 08:02:48 freenas sshd[15394]: input_userauth_request: invalid user monitor [preauth]
Nov  5 08:02:48 freenas sshd[15394]: Failed password for invalid user monitor from 195.154.47.194 port 58422 ssh2
Nov  5 08:02:50 freenas sshd[15396]: Invalid user pi from 195.154.47.194 port 58589
Nov  5 08:02:50 freenas sshd[15396]: input_userauth_request: invalid user pi [preauth]
Nov  5 08:02:50 freenas sshd[15396]: Failed password for invalid user pi from 195.154.47.194 port 58589 ssh2
Nov  5 08:02:54 freenas sshd[15398]: Failed password for root from 195.154.47.194 port 58743ssh2
Nov  5 08:02:56 freenas sshd[15400]: Invalid user ubnt from 195.154.47.194 port 58902
Nov  5 08:02:56 freenas sshd[15400]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 08:02:56 freenas sshd[15400]: Failed password for invalid user ubnt from 195.154.47.194 port 58902 ssh2
Nov  5 10:43:12 freenas sshd[26496]: Invalid user  0101 from 5.101.40.10 port 41682
Nov  5 10:43:12 freenas sshd[26496]: input_userauth_request: invalid user  0101 [preauth]
Nov  5 10:43:12 freenas sshd[26496]: Failed password for invalid user  0101 from 5.101.40.10 port 41682 ssh2
Nov  5 10:43:13 freenas sshd[26498]: Invalid user 0 from 5.101.40.10 port 35972
Nov  5 10:43:13 freenas sshd[26498]: input_userauth_request: invalid user 0 [preauth]
Nov  5 10:43:13 freenas sshd[26498]: Failed none for invalid user 0 from 5.101.40.10 port 35972 ssh2
Nov  5 10:43:14 freenas sshd[26498]: Failed password for invalid user 0 from 5.101.40.10 port 35972 ssh2
Nov  5 11:06:27 freenas sshd[28260]: Failed password for root from 163.172.115.198 port 50924ssh2
Nov  5 11:06:27 freenas sshd[28260]: error: Received disconnect from 163.172.115.198 port 50924:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Nov  5 15:00:26 freenas sshd[44822]: Invalid user admin from 212.129.7.167 port 50568
Nov  5 15:00:26 freenas sshd[44822]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:00:26 freenas sshd[44822]: Failed password for invalid user admin from 212.129.7.167 port 50568 ssh2
Nov  5 15:00:27 freenas sshd[44827]: Invalid user admin from 212.129.7.167 port 50935
Nov  5 15:00:27 freenas sshd[44827]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:00:27 freenas sshd[44827]: Failed password for invalid user admin from 212.129.7.167 port 50935 ssh2
Nov  5 15:00:28 freenas sshd[44830]: Invalid user pi from 212.129.7.167 port 51345
Nov  5 15:00:28 freenas sshd[44830]: input_userauth_request: invalid user pi [preauth]
Nov  5 15:00:28 freenas sshd[44830]: Failed password for invalid user pi from 212.129.7.167 port 51345 ssh2
Nov  5 15:00:29 freenas sshd[44832]: Invalid user ubnt from 212.129.7.167 port 51693
Nov  5 15:00:29 freenas sshd[44832]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 15:00:29 freenas sshd[44832]: Failed password for invalid user ubnt from 212.129.7.167 port 51693 ssh2
Nov  5 15:00:30 freenas sshd[44834]: Invalid user ftpuser from 212.129.7.167 port 52019
Nov  5 15:00:30 freenas sshd[44834]: input_userauth_request: invalid user ftpuser [preauth]
Nov  5 15:00:30 freenas sshd[44834]: Failed password for invalid user ftpuser from 212.129.7.167 port 52019 ssh2
Nov  5 15:00:31 freenas sshd[44836]: Failed password for root from 212.129.7.167 port 52427ssh2
Nov  5 15:00:32 freenas sshd[44838]: Invalid user admin from 212.129.7.167 port 52746
Nov  5 15:00:32 freenas sshd[44838]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:00:32 freenas sshd[44838]: Failed password for invalid user admin from 212.129.7.167 port 52746 ssh2
Nov  5 15:00:33 freenas sshd[44840]: Invalid user PlcmSpIp from 212.129.7.167 port 53085
Nov  5 15:00:33 freenas sshd[44840]: input_userauth_request: invalid user PlcmSpIp [preauth]
Nov  5 15:00:33 freenas sshd[44840]: Failed password for invalid user PlcmSpIp from 212.129.7.167 port 53085 ssh2
Nov  5 15:00:34 freenas sshd[44842]: Invalid user user from 212.129.7.167 port 53416
Nov  5 15:00:34 freenas sshd[44842]: input_userauth_request: invalid user user [preauth]
Nov  5 15:00:34 freenas sshd[44842]: Failed password for invalid user user from 212.129.7.167 port 53416 ssh2
Nov  5 15:05:55 freenas sshd[45156]: Failed password for root from 217.182.165.152 port 33728ssh2
Nov  5 15:26:54 freenas sshd[46601]: Invalid user admin from 195.154.47.194 port 50683
Nov  5 15:26:54 freenas sshd[46601]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:26:54 freenas sshd[46601]: Failed password for invalid user admin from 195.154.47.194 port 50683 ssh2
Nov  5 15:26:56 freenas sshd[46603]: Invalid user admin from 195.154.47.194 port 50838
Nov  5 15:26:56 freenas sshd[46603]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:26:56 freenas sshd[46603]: Failed password for invalid user admin from 195.154.47.194 port 50838 ssh2
Nov  5 15:26:58 freenas sshd[46605]: Invalid user admin from 195.154.47.194 port 50994
Nov  5 15:26:58 freenas sshd[46605]: input_userauth_request: invalid user admin [preauth]
Nov  5 15:26:58 freenas sshd[46605]: Failed password for invalid user admin from 195.154.47.194 port 50994 ssh2
Nov  5 15:27:01 freenas sshd[46607]: Invalid user mobile from 195.154.47.194 port 51135
Nov  5 15:27:01 freenas sshd[46607]: input_userauth_request: invalid user mobile [preauth]
Nov  5 15:27:01 freenas sshd[46607]: Failed password for invalid user mobile from 195.154.47.194 port 51135 ssh2
Nov  5 15:27:03 freenas sshd[46621]: Invalid user monitor from 195.154.47.194 port 51327
Nov  5 15:27:03 freenas sshd[46621]: input_userauth_request: invalid user monitor [preauth]
Nov  5 15:27:03 freenas sshd[46621]: Failed password for invalid user monitor from 195.154.47.194 port 51327 ssh2
Nov  5 15:27:06 freenas sshd[46632]: Invalid user pi from 195.154.47.194 port 51500
Nov  5 15:27:06 freenas sshd[46632]: input_userauth_request: invalid user pi [preauth]
Nov  5 15:27:06 freenas sshd[46632]: Failed password for invalid user pi from 195.154.47.194 port 51500 ssh2
Nov  5 15:27:08 freenas sshd[46650]: Failed password for root from 195.154.47.194 port 51639ssh2
Nov  5 15:27:10 freenas sshd[46652]: Invalid user ubnt from 195.154.47.194 port 51774
Nov  5 15:27:10 freenas sshd[46652]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 15:27:10 freenas sshd[46652]: Failed password for invalid user ubnt from 195.154.47.194 port 51774 ssh2
Nov  5 16:52:51 freenas sshd[52612]: Invalid user pi from 179.182.87.5 port 40624
Nov  5 16:52:51 freenas sshd[52612]: input_userauth_request: invalid user pi [preauth]
Nov  5 16:52:51 freenas sshd[52611]: Invalid user pi from 179.182.87.5 port 40622
Nov  5 16:52:51 freenas sshd[52611]: input_userauth_request: invalid user pi [preauth]
Nov  5 16:52:52 freenas sshd[52611]: Failed password for invalid user pi from 179.182.87.5 port 40622 ssh2
Nov  5 16:52:52 freenas sshd[52612]: Failed password for invalid user pi from 179.182.87.5 port 40624 ssh2
Nov  5 18:16:56 freenas sshd[58671]: Failed password for root from 103.207.39.85 port 63330ssh2
Nov  5 18:44:01 freenas sshd[60485]: Invalid user  0101 from 5.101.40.10 port 46934
Nov  5 18:44:01 freenas sshd[60485]: input_userauth_request: invalid user  0101 [preauth]
Nov  5 18:44:01 freenas sshd[60485]: Failed password for invalid user  0101 from 5.101.40.10 port 46934 ssh2
Nov  5 18:44:03 freenas sshd[60603]: Invalid user 0 from 5.101.40.10 port 56365
Nov  5 18:44:03 freenas sshd[60603]: input_userauth_request: invalid user 0 [preauth]
Nov  5 18:44:03 freenas sshd[60603]: Failed none for invalid user 0 from 5.101.40.10 port 56365 ssh2
Nov  5 18:44:03 freenas sshd[60603]: Failed password for invalid user 0 from 5.101.40.10 port 56365 ssh2
Nov  5 18:44:04 freenas sshd[60610]: Invalid user 1234 from 5.101.40.10 port 35294
Nov  5 18:44:04 freenas sshd[60610]: input_userauth_request: invalid user 1234 [preauth]
Nov  5 18:44:04 freenas sshd[60610]: Failed password for invalid user 1234 from 5.101.40.10 port 35294 ssh2
Nov  5 18:44:05 freenas sshd[60612]: Invalid user admin from 5.101.40.10 port 37566
Nov  5 18:44:05 freenas sshd[60612]: input_userauth_request: invalid user admin [preauth]
Nov  5 18:44:05 freenas sshd[60612]: Failed none for invalid user admin from 5.101.40.10 port 37566ssh2
Nov  5 18:44:07 freenas sshd[60614]: Invalid user admin from 5.101.40.10 port 42619
Nov  5 18:44:07 freenas sshd[60614]: input_userauth_request: invalid user admin [preauth]
Nov  5 18:44:07 freenas sshd[60614]: Failed password for invalid user admin from 5.101.40.10 port 42619 ssh2
Nov  5 18:44:07 freenas sshd[60614]: Failed password for invalid user admin from 5.101.40.10 port 42619 ssh2
Nov  5 18:44:07 freenas sshd[60614]: Failed password for invalid user admin from 5.101.40.10 port 42619 ssh2
Nov  5 18:44:07 freenas sshd[60614]: Failed password for invalid user admin from 5.101.40.10 port 42619 ssh2
Nov  5 18:44:07 freenas sshd[60614]: Failed password for invalid user admin from 5.101.40.10 port 42619 ssh2
Nov  5 18:44:09 freenas sshd[60616]: Invalid user admin from 5.101.40.10 port 50738
Nov  5 18:44:09 freenas sshd[60616]: input_userauth_request: invalid user admin [preauth]
Nov  5 18:44:09 freenas sshd[60616]: Failed password for invalid user admin from 5.101.40.10 port 50738 ssh2
Nov  5 18:44:09 freenas sshd[60616]: Failed password for invalid user admin from 5.101.40.10 port 50738 ssh2
Nov  5 18:44:09 freenas sshd[60616]: Failed password for invalid user admin from 5.101.40.10 port 50738 ssh2
Nov  5 18:44:10 freenas sshd[60616]: Failed password for invalid user admin from 5.101.40.10 port 50738 ssh2
Nov  5 18:44:10 freenas sshd[60616]: Failed password for invalid user admin from 5.101.40.10 port 50738 ssh2
Nov  5 18:44:13 freenas sshd[60618]: Invalid user admin from 5.101.40.10 port 37222
Nov  5 18:44:13 freenas sshd[60618]: input_userauth_request: invalid user admin [preauth]
Nov  5 18:44:13 freenas sshd[60618]: Failed password for invalid user admin from 5.101.40.10 port 37222 ssh2
Nov  5 18:44:14 freenas sshd[60620]: Invalid user default from 5.101.40.10 port 39612
Nov  5 18:44:14 freenas sshd[60620]: input_userauth_request: invalid user default [preauth]
Nov  5 18:44:14 freenas sshd[60620]: Failed password for invalid user default from 5.101.40.10 port 39612 ssh2
Nov  5 18:44:14 freenas sshd[60620]: Failed password for invalid user default from 5.101.40.10 port 39612 ssh2
Nov  5 18:44:16 freenas sshd[60622]: Failed password for ftp from 5.101.40.10 port 49443 ssh2
Nov  5 18:44:17 freenas sshd[60624]: Invalid user guest from 5.101.40.10 port 41852
Nov  5 18:44:17 freenas sshd[60624]: input_userauth_request: invalid user guest [preauth]
Nov  5 18:44:17 freenas sshd[60624]: Failed password for invalid user guest from 5.101.40.10 port 41852 ssh2
Nov  5 18:44:20 freenas sshd[60628]: Failed password for operator from 5.101.40.10 port 37743ssh2
Nov  5 18:44:22 freenas sshd[60630]: Invalid user osmc from 5.101.40.10 port 37429
Nov  5 18:44:22 freenas sshd[60630]: input_userauth_request: invalid user osmc [preauth]
Nov  5 18:44:22 freenas sshd[60630]: Failed password for invalid user osmc from 5.101.40.10 port 37429 ssh2
Nov  5 18:44:23 freenas sshd[60632]: Failed password for root from 5.101.40.10 port 60977 ssh2
Nov  5 18:44:24 freenas sshd[60632]: Failed password for root from 5.101.40.10 port 60977 ssh2
Nov  5 18:44:26 freenas sshd[60636]: Invalid user support from 5.101.40.10 port 46195
Nov  5 18:44:26 freenas sshd[60636]: input_userauth_request: invalid user support [preauth]
Nov  5 18:44:26 freenas sshd[60636]: Failed password for invalid user support from 5.101.40.10 port 46195 ssh2
Nov  5 18:44:27 freenas sshd[60638]: Invalid user telecomadmin from 5.101.40.10 port 55275
Nov  5 18:44:27 freenas sshd[60638]: input_userauth_request: invalid user telecomadmin [preauth]
Nov  5 18:44:27 freenas sshd[60638]: Failed password for invalid user telecomadmin from 5.101.40.10 port 55275 ssh2
Nov  5 18:44:28 freenas sshd[60640]: Invalid user test from 5.101.40.10 port 57910
Nov  5 18:44:28 freenas sshd[60640]: input_userauth_request: invalid user test [preauth]
Nov  5 18:44:28 freenas sshd[60640]: Failed password for invalid user test from 5.101.40.10 port 57910 ssh2
Nov  5 18:44:30 freenas sshd[60642]: Invalid user ubnt from 5.101.40.10 port 47527
Nov  5 18:44:30 freenas sshd[60642]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 18:44:30 freenas sshd[60642]: Failed password for invalid user ubnt from 5.101.40.10 port 47527 ssh2
Nov  5 18:44:33 freenas sshd[60644]: Invalid user user from 5.101.40.10 port 54458
Nov  5 18:44:33 freenas sshd[60644]: input_userauth_request: invalid user user [preauth]
Nov  5 18:44:33 freenas sshd[60644]: Failed password for invalid user user from 5.101.40.10 port 54458 ssh2
Nov  5 18:44:34 freenas sshd[60646]: Invalid user user from 5.101.40.10 port 35465
Nov  5 18:44:34 freenas sshd[60646]: input_userauth_request: invalid user user [preauth]
Nov  5 18:44:34 freenas sshd[60646]: Failed password for invalid user user from 5.101.40.10 port 35465 ssh2
Nov  5 18:44:35 freenas sshd[60648]: Invalid user user1 from 5.101.40.10 port 42522
Nov  5 18:44:35 freenas sshd[60648]: input_userauth_request: invalid user user1 [preauth]
Nov  5 18:44:35 freenas sshd[60648]: Failed none for invalid user user1 from 5.101.40.10 port 42522ssh2
Nov  5 18:44:35 freenas sshd[60648]: Failed password for invalid user user1 from 5.101.40.10 port 42522 ssh2
Nov  5 19:44:33 freenas sshd[64889]: Invalid user oracle from 91.212.150.203 port 49633
Nov  5 19:44:33 freenas sshd[64889]: input_userauth_request: invalid user oracle [preauth]
Nov  5 19:44:33 freenas sshd[64889]: Failed password for invalid user oracle from 91.212.150.203 port 49633 ssh2
Nov  5 19:44:33 freenas sshd[64889]: Failed password for invalid user oracle from 91.212.150.203 port 49633 ssh2
Nov  5 19:44:33 freenas sshd[64889]: Failed password for invalid user oracle from 91.212.150.203 port 49633 ssh2
Nov  5 19:51:47 freenas sshd[65311]: Invalid user admin from 195.22.126.177 port 39213
Nov  5 19:51:47 freenas sshd[65311]: input_userauth_request: invalid user admin [preauth]
Nov  5 19:51:47 freenas sshd[65311]: Failed password for invalid user admin from 195.22.126.177 port 39213 ssh2
Nov  5 19:51:48 freenas sshd[65326]: Invalid user admin from 37.187.94.86 port 56648
Nov  5 19:51:48 freenas sshd[65326]: input_userauth_request: invalid user admin [preauth]
Nov  5 19:51:48 freenas sshd[65326]: Failed password for invalid user admin from 37.187.94.86 port 56648 ssh2
Nov  5 19:51:50 freenas sshd[65332]: Invalid user admin from 62.102.148.67 port 37850
Nov  5 19:51:50 freenas sshd[65332]: input_userauth_request: invalid user admin [preauth]
Nov  5 19:51:50 freenas sshd[65332]: Failed password for invalid user admin from 62.102.148.67 port 37850 ssh2
Nov  5 19:57:43 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:44 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:45 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:46 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:47 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:48 freenas sshd[65776]: Failed password for root from 123.249.76.76 port 17658ssh2
Nov  5 19:57:48 freenas sshd[65776]: Disconnecting: Too many authentication failures [preauth]
Nov  5 19:57:57 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:57:58 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:57:59 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:58:02 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:58:03 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:58:04 freenas sshd[65778]: Failed password for root from 123.249.76.76 port 38779ssh2
Nov  5 19:58:04 freenas sshd[65778]: Disconnecting: Too many authentication failures [preauth]
Nov  5 19:58:29 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:30 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:31 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:32 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:33 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:34 freenas sshd[65839]: Failed password for root from 123.249.76.76 port 31417ssh2
Nov  5 19:58:34 freenas sshd[65839]: Disconnecting: Too many authentication failures [preauth]
Nov  5 19:59:04 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:05 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:06 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:07 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:08 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:09 freenas sshd[65867]: Failed password for root from 123.249.76.76 port 17434ssh2
Nov  5 19:59:09 freenas sshd[65867]: Disconnecting: Too many authentication failures [preauth]
Nov  5 20:34:11 freenas sshd[68901]: Failed password for root from 115.71.236.118 port 51316ssh2
Nov  5 20:34:12 freenas sshd[68901]: Failed password for root from 115.71.236.118 port 51316ssh2
Nov  5 21:37:06 freenas sshd[73306]: Invalid user admin from 195.154.47.194 port 49748
Nov  5 21:37:06 freenas sshd[73306]: input_userauth_request: invalid user admin [preauth]
Nov  5 21:37:06 freenas sshd[73306]: Failed password for invalid user admin from 195.154.47.194 port 49748 ssh2
Nov  5 21:37:09 freenas sshd[73324]: Invalid user admin from 195.154.47.194 port 49881
Nov  5 21:37:09 freenas sshd[73324]: input_userauth_request: invalid user admin [preauth]
Nov  5 21:37:09 freenas sshd[73324]: Failed password for invalid user admin from 195.154.47.194 port 49881 ssh2
Nov  5 21:37:10 freenas sshd[73330]: Invalid user admin from 195.154.47.194 port 50035
Nov  5 21:37:10 freenas sshd[73330]: input_userauth_request: invalid user admin [preauth]
Nov  5 21:37:10 freenas sshd[73330]: Failed password for invalid user admin from 195.154.47.194 port 50035 ssh2
Nov  5 21:37:14 freenas sshd[73348]: Invalid user mobile from 195.154.47.194 port 50178
Nov  5 21:37:14 freenas sshd[73348]: input_userauth_request: invalid user mobile [preauth]
Nov  5 21:37:14 freenas sshd[73348]: Failed password for invalid user mobile from 195.154.47.194 port 50178 ssh2
Nov  5 21:37:16 freenas sshd[73350]: Invalid user monitor from 195.154.47.194 port 50359
Nov  5 21:37:16 freenas sshd[73350]: input_userauth_request: invalid user monitor [preauth]
Nov  5 21:37:16 freenas sshd[73350]: Failed password for invalid user monitor from 195.154.47.194 port 50359 ssh2
Nov  5 21:37:18 freenas sshd[73352]: Invalid user pi from 195.154.47.194 port 50480
Nov  5 21:37:18 freenas sshd[73352]: input_userauth_request: invalid user pi [preauth]
Nov  5 21:37:18 freenas sshd[73352]: Failed password for invalid user pi from 195.154.47.194 port 50480 ssh2
Nov  5 21:37:19 freenas sshd[73354]: Failed password for root from 195.154.47.194 port 50595ssh2
Nov  5 21:37:21 freenas sshd[73356]: Invalid user ubnt from 195.154.47.194 port 50725
Nov  5 21:37:21 freenas sshd[73356]: input_userauth_request: invalid user ubnt [preauth]
Nov  5 21:37:21 freenas sshd[73356]: Failed password for invalid user ubnt from 195.154.47.194 port 50725 ssh2
Nov  5 23:38:08 freenas sshd[82402]: Invalid user pi from 71.70.167.192 port 37314
Nov  5 23:38:08 freenas sshd[82402]: input_userauth_request: invalid user pi [preauth]
Nov  5 23:38:08 freenas sshd[82402]: Failed password for invalid user pi from 71.70.167.192 port 37314 ssh2
Nov  5 23:38:08 freenas sshd[82404]: Invalid user pi from 71.70.167.192 port 37316
Nov  5 23:38:08 freenas sshd[82404]: input_userauth_request: invalid user pi [preauth]
Nov  5 23:38:08 freenas sshd[82404]: Failed password for invalid user pi from 71.70.167.192 port 37316 ssh2
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
Why is your FreeNAS system exposed to the Internet? It should be behind at least one firewall to protect it from this very type of attack.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
1) is it malicious?
2) can it be prevented? Without taking the server offline
Yes, it is malicious, it is a whole series of brute force attacks.

It can be prevented with a firewall.
 

villo

Dabbler
Joined
Apr 3, 2015
Messages
19
Why is your FreeNAS system exposed to the Internet? It should be behind at least one firewall to protect it from this very type of attack.

It’s on the internet because I access files on it remotely. I presumed that my router had the firewall option enabled by default.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
It’s on the internet because I access files on it remotely. I presumed that my router had the firewall option enabled by default.
Not if you had it in something like a DMZ.
You should keep the NAS inside the protected network and use a VPN to connect from your remote site to the network where the NAS is so that traffic is protected and to keep the NAS from touching the internet. Safer that way.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,176
It’s on the internet because I access files on it remotely. I presumed that my router had the firewall option enabled by default.
That's not how things work.

The proper way to do what you want to do is to use a VPN.
 

villo

Dabbler
Joined
Apr 3, 2015
Messages
19
Do you have any articles or references on how to get that set-up?
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
Do you have any articles or references on how to get that set-up?
How you set it up depends on the exact nature of the solution you select. Some routers have builtin VPN capability and others do not. You can also obtain a VPN software solution.
Check this out: http://bfy.tw/EskU
 

Redcoat

MVP
Joined
Feb 18, 2014
Messages
2,924

villo

Dabbler
Joined
Apr 3, 2015
Messages
19
So in summary, is disabling password authentication, and logging in using public key authentication sufficient, or is VPN really necessary? I’m trying to minimize any set-up/maintenance on the client side.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
So in summary, is disabling password authentication, and logging in using public key authentication sufficient, or is VPN really necessary? I’m trying to minimize any set-up/maintenance on the client side.
The VPN option is better. The FreeNAS system should not touch the internet.
 

Redcoat

MVP
Joined
Feb 18, 2014
Messages
2,924
The VPN option is better.
I agree with @Chris Moore - sounds like your best choice for ease of setup would be a router with built-in VPN server capability (see post #138 in the link I gave you) - then each client only needs the VPN client software and the particular key file.
 
Status
Not open for further replies.
Top