SSH Massive amount of BRUTE FORCE ATTACKS

ALLIT
First post
Posts: 1
Joined: Fri May 15, 2020 7:57 pm

Post by ALLIT »

SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"

PLEASE ADVISE
dolbyman
Guru
Posts: 35021
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: SSH Massive amount of BRUTE FORCE ATTACKS

Post by dolbyman »

Get your NAS out of the open web... only advice that can be given here.
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: SSH Massive amount of BRUTE FORCE ATTACKS

Post by jaysona »

ALLIT wrote: Mon May 18, 2020 10:52 pm SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"

PLEASE ADVISE

What kind of advice are you seeking?

It seems like you are doing one thing correctly, which is blocking the IP address after several failed login attempts.

If you want the attacks to stop, you essentially have four options.

1. Disable direct SSH access to the NAS, and the attacks will stop as the scanning bots determine that tcp 22 is not available for your IP address.
2. Use a router that supports OpenWRT, DD-WRT, FreshTomato or MerlinWRT and use iptables to drop multiple tcp 22 requests within a period of a few seconds.
3. If you really require direct ssh access to the NAS, then consider using a router that supports port knocking and enable port knocking for ssh.
4. Set up an internal VPN server (such as OpenVPN) and access the NAS over the VPN.

If you do not know what #2, #3 & #4 mean or how to accomplish those, then you probably should not be exposing ssh directly to the Internet either. ;)
RAID is not a Back-up!

H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15

Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
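
Option 2 from the reply above, sketched as an added example that is not part of the original thread: a router-side script that uses the iptables `recent` match to drop repeated new tcp 22 connections from one source. The interface name, NAS address, window, threshold and the `SSH_LIMIT` / `ssh_new` names are assumptions, and it assumes the router port-forwards SSH to the NAS.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the router port-forwards the
# SSH port to the NAS, so the traffic crosses the router's FORWARD chain.
WAN_IF="${WAN_IF:-eth0}"          # assumed WAN interface name
NAS_IP="${NAS_IP:-192.168.1.10}"  # assumed NAS LAN address (constructed)
SSH_PORT="${SSH_PORT:-22}"        # tcp 22, as in the thread
WINDOW="${WINDOW:-60}"            # look-back window in seconds (assumed)
HITS="${HITS:-4}"                 # the HITS-th new connection in WINDOW is dropped
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = run them (needs root)

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Echo the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

ssh_ratelimit_rules() {
    for v in "$SSH_PORT" "$WINDOW" "$HITS"; do
        is_uint "$v" || { echo "not a number: '$v'" >&2; return 1; }
    done
    # HITS=1 would drop every connection; the upper bound stays within
    # xt_recent's ip_pkt_list_tot, which defaults to 20 on older kernels.
    if [ "$HITS" -lt 2 ] || [ "$HITS" -gt 20 ]; then
        echo "HITS must be between 2 and 20" >&2; return 1
    fi
    run iptables -N SSH_LIMIT || return 1
    # Record this source address and the time of the new connection.
    run iptables -A SSH_LIMIT -m recent --name ssh_new --set || return 1
    # Drop once the source reaches HITS new connections inside WINDOW;
    # --update refreshes the timestamp, so a bot that keeps trying stays blocked.
    run iptables -A SSH_LIMIT -m recent --name ssh_new --update \
        --seconds "$WINDOW" --hitcount "$HITS" -j DROP || return 1
    # Only NEW connections to the forwarded port enter the chain;
    # established sessions are untouched.
    run iptables -I FORWARD 1 -i "$WAN_IF" -d "$NAS_IP" -p tcp \
        --dport "$SSH_PORT" -m state --state NEW -j SSH_LIMIT
}

ssh_ratelimit_rules
```

By default the script only prints the four commands for review; rules applied with `DRY_RUN=0` do not survive a reboot unless they are placed in the firmware's firewall startup script.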