Email notification of failed login attempts

spepin
Starting out
Posts: 13
Joined: Sun Sep 14, 2014 10:01 pm

Email notification of failed login attempts

Post by spepin »

I have two NAS boxes - a TS-451 and a TS-471. Both have email notifications set up and working. Am I missing something, or is there no way to configure the NAS to send out a notification email after a failed login attempt? Every so often, I find a new string of failed logins from various people who obviously don't belong there. I have Network Access Protection configured and enabled, so it will (if I recall) alert me when a blocked IP tries to log in, but I'd like to know when there are attempts that don't quite trigger the NAP auto block. For instance, I just noticed an attempt from a couple of weeks ago -- they tried three different logins. Not enough to trigger the NAP, but enough that I'd like to know that it's going on.
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Email notification of failed login attempts

Post by dolbyman »

Why do you have unknown devices in your network?

Are we talking about SMB or web frontend logins?
razormoon
Easy as a breeze
Posts: 465
Joined: Fri Feb 13, 2015 5:05 am
Location: Denver, CO

Re: Email notification of failed login attempts

Post by razormoon »

You'll need a featured NAP for that as it will most definitely flood a lot of users' email. If you keep the default port forward, they will keep 'knocking' as it is well known.
I redirected the default port a long time ago, so attempts on my system are extremely rare. I don't know how you can enable extra notifications.
Have you tried setting up syslog? You can also get the info using SNMP and setting traps...though I haven't tried.

I go a different route and use IPS and blocklist with great router software. You can also try installing MalTrail as it is a true NAP application.
:!: TVS-871-i7-16G 5.0.0.1932 Build 20220129, KODI, WSE 2019
:?: 1 x KINGSTON SNV325S2 as 2mb block cache, WDC WD40EFRX as RAID5, 1 x WDC WD40EFRX as iSCSI
:idea: APC PRO 1500 S
:-0 WIKI SUPPORT

"Nothing is impossible. Only expensive, illegal or both."
spepin
Starting out
Posts: 13
Joined: Sun Sep 14, 2014 10:01 pm

Re: Email notification of failed login attempts

Post by spepin »

dolbyman wrote: Why do you have unknown devices in your network?

Are we talking about SMB or web frontend logins?

Web login. Sorry for not clarifying that initially.
DervMan
New here
Posts: 8
Joined: Tue Mar 16, 2010 6:18 pm

Re: Email notification of failed login attempts

Post by DervMan »

Interesting one this. I'm having the same issue with unauthorised access attempts to the Web Interface. The QNAP log is logging the events as "Warning" and I have email alerts enabled for "Warning" events but I'm not getting those emails. I do get email alerts for firmware updates so I know the email side is good.
Don
Guru
Posts: 12289
Joined: Thu Jan 03, 2008 4:56 am
Location: Long Island, New York

Re: Email notification of failed login attempts

Post by Don »

Where are the attempts coming from? WAN? LAN?
Use the forum search feature before posting.

Use RAID and external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced, and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.

NAS: TVS-882BR | F/W: 5.0.1.2346 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NVMe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-h674 | F/W: 5.0.1.2376 | 16GB | 3 x 18TB RAID 5
Apps: DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +
P3R
Guru
Posts: 13190
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: Email notification of failed login attempts

Post by P3R »

DervMan wrote: The QNAP log is logging the events as "Warning" and I have email alerts enabled for "Warning" events but I'm not getting those emails.

In the notification configuration settings it says:
"When the following system events occur...".

Notifications don't alert you to System Connection warnings, which appear in a different log.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
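
An added example, not part of any post in this thread: one way to get the missing alerts through the syslog route suggested earlier is to forward the connection log to a syslog server and mail a summary for every source whose failed web logins stayed under the auto-block threshold. The log line format, the threshold of 5 failures per minute, and the addresses are assumptions; the sample lines are constructed, not real NAS output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from email.message import EmailMessage

# Hypothetical line format; adapt the pattern to what your syslog server receives.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ conn: Warning '
    r'user=(?P<user>\S+) src=(?P<src>\S+) service=HTTPS? action="Login Fail"$'
)
# Constructed sample input: three slow guesses, one good login, one burst of five.
SAMPLE = [
    '2015-03-02 04:11:07 nas01 conn: Warning user=admin src=203.0.113.45 service=HTTP action="Login Fail"',
    '2015-03-02 04:11:19 nas01 conn: Warning user=root src=203.0.113.45 service=HTTP action="Login Fail"',
    '2015-03-02 04:12:02 nas01 conn: Warning user=guest src=203.0.113.45 service=HTTP action="Login Fail"',
    '2015-03-02 09:30:41 nas01 conn: Info user=spepin src=192.0.2.10 service=HTTP action="Login OK"',
]
SAMPLE += [f'2015-03-03 01:00:{s:02d} nas01 conn: Warning user=admin src=198.51.100.7 '
           'service=HTTP action="Login Fail"' for s in range(0, 50, 10)]

def failed_by_source(lines):
    """Return {source_ip: [(timestamp, user), ...]} for failed web logins."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            hits[m["src"]].append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"]))
    return hits

def peak_in_window(events, window):
    """Largest number of failures that fall inside any one sliding window."""
    times = sorted(ts for ts, _ in events)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def build_alerts(lines, block_threshold=5, window=timedelta(minutes=1)):
    """One EmailMessage per source that failed logins without reaching the threshold."""
    alerts = []
    for src, events in sorted(failed_by_source(lines).items()):
        if peak_in_window(events, window) >= block_threshold:
            continue  # the auto-block would already have fired for this source
        msg = EmailMessage()
        msg["From"], msg["To"] = "nas@example.com", "admin@example.com"  # placeholders
        msg["Subject"] = f"NAS: {len(events)} failed web login(s) from {src}"
        msg.set_content("\n".join(f"{ts} user={user}" for ts, user in events))
        alerts.append(msg)  # deliver with smtplib.SMTP(...).send_message(msg)
    return alerts
```
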
spepin
Starting out
Posts: 13
Joined: Sun Sep 14, 2014 10:01 pm

Re: Email notification of failed login attempts

Post by spepin »

Don wrote: Where are the attempts coming from? WAN? LAN?

WAN. Typically our friends in Russia, China, etc. They usually don't go past two or three attempts (I use strong passphrases and two-factor authentication). Still, I'd love to be able to catch them in the act rather than just find out about it days or weeks later. I suppose the easiest thing would be to change the default 8080 port to something else. On my second box, I obviously have a different port set and that one never gets attempts.
Don
Guru
Posts: 12289
Joined: Thu Jan 03, 2008 4:56 am
Location: Long Island, New York

Re: Email notification of failed login attempts

Post by Don »

What ports are you forwarding and why?