infinitatus
Every night, I see that my FreeNAS server is being scanned. They are obvious bots scanning for a weakness. (This is just a small part of the whole message:
Jan 27 01:53:23 freenas sshd[12742]: Invalid user admin from 66.18.176.156
Jan 27 01:53:23 freenas sshd[12742]: Failed password for invalid user admin from 66.18.176.156 port 57468 ssh2
Jan 27 03:26:00 freenas sshd[14341]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 93.158.147.8
Jan 27 03:26:01 freenas sshd[14344]: Bad protocol version identification 'GET / HTTP/1.1' from 93.158.147.8
Jan 27 03:26:02 freenas sshd[14345]: Bad protocol version identification 'GET / HTTP/1.1' from 93.158.147.8
Jan 27 08:08:54 freenas sshd[17605]: Bad protocol version identification 'HEAD / HTTP/1.1' from 1.202.218.68
Jan 27 08:09:06 freenas sshd[17612]: Bad protocol version identification 'GET / HTTP/1.1' from 1.202.218.68
Jan 27 08:37:53 freenas sshd[17937]: Bad protocol version identification 'GET / HTTP/1.1' from 211.99.227.130
Jan 27 08:39:10 freenas sshd[17950]: Bad protocol version identification 'GET /robots.txt HTTP/1.0' from 85.25.246.225
Jan 27 08:39:13 freenas sshd[17951]: Bad protocol version identification 'GET /robots.txt HTTP/1.0' from 85.25.246.225
Jan 27 08:39:16 freenas sshd[17952]: Bad protocol version identification 'GET / HTTP/1.0' from 85.25.246.225
Jan 27 10:39:16 freenas sshd[19356]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 66.249.74.239
Jan 27 10:59:01 freenas sshd[19577]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 66.249.74.239
Jan 27 11:48:00 freenas sshd[20142]: Bad protocol version identification 'HEAD / HTTP/1.0' from 122.170.0.119
Jan 27 12:02:40 freenas sshd[20330]: Failed password for invalid user root from 211.95.73.50 port 53878 ssh2
Jan 27 13:11:52 freenas sshd[21136]: Failed password for invalid user root from 221.13.34.3 port 54813 ssh2
Jan 27 13:11:56 freenas sshd[21138]: Invalid user db2inst1 from 221.13.34.3
Jan 27 13:11:56 freenas sshd[21138]: Failed password for invalid user db2inst1 from 221.13.34.3 port 56186 ssh2
Jan 27 13:12:00 freenas sshd[21140]: Failed password for invalid user root from 221.13.34.3 port 57558 ssh2
Jan 27 13:12:07 freenas sshd[21148]: Invalid user prueba from 221.13.34.3
Jan 27 13:12:07 freenas sshd[21148]: Failed password for invalid user prueba from 221.13.34.3 port 58915 ssh2
Jan 27 13:12:11 freenas sshd[21150]: Failed password for invalid user bin from 221.13.34.3 port 33089 ssh2
Jan 27 13:12:14 freenas sshd[21152]: Invalid user postgres from 221.13.34.3
Jan 27 13:12:14 freenas sshd[21152]: Failed password for invalid user postgres from 221.13.34.3 port 34420 ssh2
Jan 27 13:12:19 freenas sshd[21154]: Failed password for invalid user root from 221.13.34.3 port 35782 ssh2
Jan 27 13:12:23 freenas sshd[21156]: Failed password for invalid user root from 221.13.34.3 port 37532 ssh2
Jan 27 13:12:27 freenas sshd[21158]: Failed password for invalid user root from 221.13.34.3 port 38917 ssh2 ...)
This server is a private server, which should not be interesting for bots.
I already configured ssh so that root access is impossible. Only 1 concurrent line is possible; after 2 min or after 2 tries the user is rejected. I am the only user with access to ssh, which I only use to administer the server when I am not in the internal network. The clients in the internal network use CIFS and cannot access it from the internet. The web GUI cannot be accessed from the internet. In short, the only port open in my router is the ssh one. The router is not only NAT but has a firewall too.
Should I still be worried or not? Is this the normal internet behaviour of today?
Do you have other suggestions? I have heard of fail2ban, but that means that you need at least ipfw configured in your kernel. And I am no hero to change the kernel and make a new FreeNAS image.
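An added example, not part of the original post: a Python triage of the sshd log excerpt above that separates clients speaking HTTP to the SSH port from password-guessing sources and measures each source's burst rate. The function name `triage`, the 3-failures-in-2-minutes threshold and the placeholder year are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the post above.
SAMPLE = """\
Jan 27 03:26:00 freenas sshd[14341]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 93.158.147.8
Jan 27 03:26:01 freenas sshd[14344]: Bad protocol version identification 'GET / HTTP/1.1' from 93.158.147.8
Jan 27 12:02:40 freenas sshd[20330]: Failed password for invalid user root from 211.95.73.50 port 53878 ssh2
Jan 27 13:11:52 freenas sshd[21136]: Failed password for invalid user root from 221.13.34.3 port 54813 ssh2
Jan 27 13:11:56 freenas sshd[21138]: Invalid user db2inst1 from 221.13.34.3
Jan 27 13:11:56 freenas sshd[21138]: Failed password for invalid user db2inst1 from 221.13.34.3 port 56186 ssh2
Jan 27 13:12:00 freenas sshd[21140]: Failed password for invalid user root from 221.13.34.3 port 57558 ssh2
Jan 27 13:12:07 freenas sshd[21148]: Failed password for invalid user prueba from 221.13.34.3 port 58915 ssh2
"""

HEAD = r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
FAILED = re.compile(HEAD + r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
HTTP = re.compile(HEAD + r"Bad protocol version identification '(?:GET|HEAD|POST|OPTIONS) .*' from (\S+)")

def triage(text, threshold=3, window=timedelta(minutes=2), year=2000):
    """Return (guessers, http_clients). Syslog lines carry no year, so `year` is a placeholder."""
    fails, users, http_clients = defaultdict(list), defaultdict(set), set()
    for line in text.splitlines():
        if m := FAILED.match(line):
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            fails[m.group(3)].append(ts)
            users[m.group(3)].add(m.group(2))
        elif m := HTTP.match(line):
            http_clients.add(m.group(2))  # web crawler or scanner, not an SSH login attempt
    guessers = {}
    for ip, stamps in fails.items():
        stamps.sort()
        # Largest number of failures inside any window that starts at a failure.
        burst = max(sum(1 for t in stamps[i:] if t - stamps[i] <= window)
                    for i in range(len(stamps)))
        guessers[ip] = {"failures": len(stamps), "users": sorted(users[ip]),
                        "burst": burst, "flag": burst >= threshold}
    return guessers, http_clients

if __name__ == "__main__":
    guessers, http_clients = triage(SAMPLE)
    for ip, info in guessers.items():
        print(ip, info)
    print("HTTP clients on the SSH port:", sorted(http_clients))
```
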