As with many others, my Pioneer FreedomBox (version L board) becomes unreachable after 1 to 3 days requiring a press of the reset button. Server logs don’t really help much with identifying what caused the crash, but I am convinced that distributed denial of Service (DDoS) may have been responsible for at least some of my prior crashes. I had an old Netgear 3600 modem/router that was in place when multiple DDos attacks brought down the server. Hoping to put an end to the attacks, I purchased a new NightHawk modem/router with updated security options. I put in a fresh weekly version 22.1 FB image, installed OpenVPN, Samba, Apache, and started with the new router. I opened the appropriate ports for the installed programs. I uploaded my website and like a moth to a flame, they came. Within a few hours, the router logs showed hundreds of entries that say:
[LAN access from remote] from 22.214.171.124:58368 to 192.168.1.7:443, Jan 19 21:35:51 or
[LAN access from remote] from 126.96.36.199:52506 to 192.168.1.7:80, Jan 19 20:20:06
with mostly different source IP addresses. These LAN accesses were from dozens of IP addressed from around the world with only a few duplicate IP addresses. According to https://whatismyipaddress.com/ip-lookup, the first 62 IP addresses were from the following countries:
United States (various states) 32
South Korea 1
But who knows, the IP addresses might all be spoofed by Bots.
What I know:
Nearly all router log messages showed LAN entry through ports 80 and 443; HTTP and HTTPS respectively,
There were three entries through port 1194, OpenVPN
All were trying to reach the FreedomBox.
There were no attempts to reach the Freedom Box through port 22, ssh, except when I ssh’ed into the FB from windows command line.
Why is this happening and what can be done to stop it? Is this something I should worry about? These people or Bots are not my friend and apparently my WAN has been compromised through the presence of the FreedomBox on my home network. What do I need to do?