freenas.local login failures question

Status
Not open for further replies.

andrewjs18

Contributor
Joined
Oct 19, 2014
Messages
141
I see these every now and then come through my email for my FreeNAS box. Any ideas what's going on and/or how to help stop them?

Code:
freenas.local login failures:
Dec  9 10:53:29 freenas sshd[60410]: Bad protocol version identification 'GET / HTTP/1.1' from 198.20.87.98 port 33473

-- End of security output --


Code:
freenas.local login failures:
Dec  8 23:58:29 freenas sshd[54250]: Bad protocol version identification 'GET https://m.baidu.com/ HTTP/1.1' from 222.186.56.107 port 24993

-- End of security output --


Code:
freenas.local login failures:
Dec  7 02:29:34 freenas sshd[30234]: Bad protocol version identification 'GET https://m.baidu.com/ HTTP/1.1' from 222.186.56.107 port 20494

-- End of security output --


Code:
freenas.local login failures:
Nov 20 02:27:31 freenas sshd[14357]: Bad protocol version identification 'GET https://m.baidu.com/ HTTP/1.1' from 222.186.56.107 port 9336
Nov 20 03:08:35 freenas sshd[15183]: Bad protocol version identification 'CONNECT 54.225.170.141:80 HTTP/1.1' from 42.119.61.139 port 65172
Nov 20 03:49:36 freenas sshd[15694]: Bad protocol version identification 'CONNECT 184.73.246.127:80 HTTP/1.1' from 42.119.61.139 port 50042

-- End of security output --


I have FreeNAS set up to only allow access via SSH with a key... the port # has been changed as well. The GUI is not accessible (AFAIK) outside of the local LAN. The FreeNAS box sits in my basement behind a standard Verizon Fios router...

Any help is appreciated!

Thanks in advance,

Andrew
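
The log entries in the post above can be triaged with a short script. This is an added example, not part of the original post: sshd writes "Bad protocol version identification" when a client's first line is not an SSH identification string, and in these entries the clients sent HTTP request lines instead. The label names (`http-request`, `http-proxy-probe`, `non-http`) are assumptions made for this example.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (a subset, not constructed).
SAMPLE_LOG = """\
Dec  9 10:53:29 freenas sshd[60410]: Bad protocol version identification 'GET / HTTP/1.1' from 198.20.87.98 port 33473
Dec  8 23:58:29 freenas sshd[54250]: Bad protocol version identification 'GET https://m.baidu.com/ HTTP/1.1' from 222.186.56.107 port 24993
Nov 20 03:08:35 freenas sshd[15183]: Bad protocol version identification 'CONNECT 54.225.170.141:80 HTTP/1.1' from 42.119.61.139 port 65172
Nov 20 03:49:36 freenas sshd[15694]: Bad protocol version identification 'CONNECT 184.73.246.127:80 HTTP/1.1' from 42.119.61.139 port 50042
"""

# Greedy '.*' keeps any quote inside the client-supplied text within the banner
# group, so only the trailing "from <ip> port <n>" written by sshd is trusted.
LINE_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification "
    r"'(?P<banner>.*)' from (?P<src>\S+) port (?P<port>\d+)\s*$"
)
HTTP_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")


def classify(banner):
    """Label what the client sent in place of an 'SSH-2.0-...' identification."""
    m = HTTP_RE.match(banner)
    if not m:
        return "non-http"
    if m["method"] == "CONNECT":
        return "http-proxy-probe"   # asks the server to tunnel to host:port
    if "://" in m["target"]:
        return "http-proxy-probe"   # absolute-URI form, as sent to a proxy
    return "http-request"           # ordinary web request sent to the SSH port


def summarize(log_text):
    """Return {source_ip: {label: count}} for rejected identification lines."""
    out = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            out[m["src"]][classify(m["banner"])] += 1
    return {ip: dict(kinds) for ip, kinds in out.items()}


if __name__ == "__main__":
    for ip, kinds in summarize(SAMPLE_LOG).items():
        print(ip, kinds)
```

None of these entries is an SSH authentication attempt: each connection was dropped at the identification exchange, before any key or password was offered.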
 

BigDave

FreeNAS Enthusiast
Joined
Oct 6, 2013
Messages
2,479
andrewjs18 said:
The FreeNAS box sits in my basement behind a standard Verizon Fios router...

This makes no diff one way or the other (if the port/ports are open on your router), eventually some hacker will find it and try to get in.
It's what they do for fun.
 

andrewjs18

BigDave said:
This makes no diff one way or the other (if the port/ports are open on your router), eventually some hacker will find it and try to get in.
It's what they do for fun.

Right, and I understand. Is there anything additionally that I should do to try to limit my exposure?
 

BigDave

andrewjs18 said:
Is there anything additionally that I should do to try to limit my exposure?

You already have by changing the port to a less common one. If you had not changed
to a more obscure port and opened one of the more common ports,
you would be getting login failure reports by the hundreds per day.
If the hacker gets a response from your current open port, they will log it and keep trying,
so changing ports will end the security emails for a period of time, but they (the hackers)
will find the new port eventually and the reports will start again.

Maybe others will chime in and make other suggestions I'm not aware of.
 

andrewjs18

BigDave said:
You already have by changing the port to a less common one. If you had not changed
to a more obscure port and opened one of the more common ports,
you would be getting login failure reports by the hundreds per day.
If the hacker gets a response from your current open port, they will log it and keep trying,
so changing ports will end the security emails for a period of time, but they (the hackers)
will find the new port eventually and the reports will start again.

Maybe others will chime in and make other suggestions I'm not aware of.

Thanks for the feedback.
 

BigDave

@andrewjs18
No problem :)
I built a pfSense machine and took out my Verizon Fios equipment about 15 months ago.
I still use it as a wireless AP, so it's good for something :)
I just viewed my pfSense logs which list the blocked attempts at over 80 in the last three min.
(over half of which is Verizon most likely) and yes, I just love pissin' them off :D
One of these days I'm gonna invest in a VPN service and become the Invisible Man ;)
 

andrewjs18

BigDave said:
@andrewjs18
No problem :)
I built a pfSense machine and took out my Verizon Fios equipment about 15 months ago.
I still use it as a wireless AP, so it's good for something :)
I just viewed my pfSense logs which list the blocked attempts at over 80 in the last three min.
(over half of which is Verizon most likely) and yes, I just love pissin' them off :D
One of these days I'm gonna invest in a VPN service and become the Invisible Man ;)

I wish I had the time & in-depth knowledge of routing/firewalls and such to build out a pfSense machine. Just after creating my thread, I was checking out pfSense. Maybe in the future I'll replace my Verizon Fios router with something that is more flexible to allow for a software firewall, like pfSense.
 