SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"
PLEASE ADVISE
SSH Massive amount of BRUTE FORCE ATTACKS
- ALLIT
- First post
- Posts: 1
- Joined: Fri May 15, 2020 7:57 pm
- dolbyman
- Guru
- Posts: 35021
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: SSH Massive amount of BRUTE FORCE ATTACKS
Get your NAS out of the open web... only advice that can be given here.
- jaysona
- Been there, done that
- Posts: 846
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: SSH Massive amount of BRUTE FORCE ATTACKS
ALLIT wrote: Mon May 18, 2020 10:52 pm
SSH Message: [Security] Added IP address "222.186.190.14" to IP block list
IP address "222.186.15.115"
IP address "37.49.226.212"
IP address "37.49.226.212"
IP address "45.95.168.133"
IP address "116.105.195.243"
IP address "112.85.42.189"
IP address "112.85.42.189"
PLEASE ADVISE
What kind of advice are you seeking?
It seems like you are doing one thing correctly, which is blocking the IP address after several failed login attempts.
If you want the attacks to stop, you essentially have four options.
1. Disable direct SSH access to the NAS, and the attacks will stop as the scanning bots determine that tcp 22 is not available for your IP address.
2. Use a router that supports OpenWRT, DD-WRT, FreshTomato or MerlinWRT and use iptables to drop multiple tcp 22 requests within a period of a few seconds.
3. If you really require direct ssh access to the NAS, then consider using a router that supports port knocking and enable port knocking for ssh.
4. Set up an internal VPN server (such as OpenVPN) and access the NAS over the VPN.
If you do not know what #2, #3 & #4 mean or how to accomplish those, then you probably should not be exposing ssh directly to the Internet either.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
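Option 2 from the reply above, as an added example (not code from the thread or from any of the firmware projects it names): a script that prints iptables rules using the `recent` match to drop a source that opens too many new SSH connections in a short window. The NAS address 192.168.1.50, WAN interface eth0, the 4-per-60-seconds threshold, and the chain and list names are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print iptables rules that drop a source
# once it opens too many NEW connections to the NAS's SSH port in a short window.
# Constructed values: NAS 192.168.1.50, WAN interface eth0, 4 hits per 60 s,
# chain name SSH_LIMIT, list name ssh_new.

ssh_limit_rules() {
    nas_ip=$1; window=$2; hits=$3; wan_if=${4:-eth0}

    case $nas_ip in
        ''|*[!0-9.]*) echo "NAS address must be a dotted IPv4 address" >&2; return 2 ;;
    esac
    case $window in
        ''|*[!0-9]*) echo "window must be whole seconds" >&2; return 2 ;;
    esac
    case $hits in
        ''|*[!0-9]*) echo "hit count must be a whole number" >&2; return 2 ;;
    esac
    # xt_recent remembers 20 packets per source by default (ip_pkt_list_tot);
    # a larger --hitcount is rejected when the rule is loaded.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hit count must be between 1 and 20" >&2; return 2
    fi

    # Rule order matters: --set records this attempt, then --update counts the
    # attempts inside the window. --update (unlike --rcheck) also refreshes the
    # timestamp, so a bot that keeps hammering stays blocked.
    # The jump goes in FORWARD because a port-forwarded packet has already been
    # DNATed to the NAS address when the filter table sees it.
    cat <<EOF
iptables -N SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name ssh_new --set
iptables -A SSH_LIMIT -m recent --name ssh_new --update --seconds $window --hitcount $hits -j DROP
iptables -A SSH_LIMIT -j ACCEPT
iptables -I FORWARD 1 -i $wan_if -d $nas_ip -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_LIMIT
EOF
}

# Dry run: show the rules for the constructed values above.
ssh_limit_rules 192.168.1.50 60 4 eth0
```

Review the printed rules before running them as root on the router. With these values the fourth new connection from one address inside 60 seconds is dropped.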