Hello,
Hi,
When I run journalctl -f on my FreedomBox, I see many login attempts from different IP addresses. I have no experience with servers. Is this normal, or can something be configured incorrectly? Must I change something? I'm worried.
-- Logs begin at Sat 2019-09-14 05:28:42 CEST. --
Sep 14 11:01:56 freedombox sshd[12333]: Received disconnect from 51.255.160.188 port 55236:11: Bye Bye [preauth]
Sep 14 11:01:56 freedombox sshd[12333]: Disconnected from invalid user GarrysMod 51.255.160.188 port 55236 [preauth]
Sep 14 11:02:04 freedombox sshd[12338]: Invalid user gc from 211.193.13.111 port 62455
Sep 14 11:02:04 freedombox sshd[12338]: pam_unix(sshd:auth): check pass; user unknown
Sep 14 11:02:04 freedombox sshd[12338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.193.13.111
Sep 14 11:02:06 freedombox sshd[12338]: Failed password for invalid user gc from 211.193.13.111 port 62455 ssh2
Sep 14 11:02:06 freedombox sudo[12336]: pam_unix(sudo:auth): authentication failure; logname=1110LT0m1k3. uid=10000 euid=0 tty=/dev/pts/2 ruser=1110LT0m1k3. rhost= user=1110LT0m1k3.
Sep 14 11:02:06 freedombox slapd[762]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
Sep 14 11:02:06 freedombox sudo[12336]: 1110LT0m1k3. : TTY=pts/2 ; PWD=/home/1110LT0m1k3. ; USER=root ; COMMAND=/usr/bin/journalctl -f
Sep 14 11:02:06 freedombox sudo[12336]: pam_unix(sudo:session): session opened for user root by 1110LT0m1k3.(uid=0)
Sep 14 11:02:08 freedombox sshd[12338]: Received disconnect from 211.193.13.111 port 62455:11: Bye Bye [preauth]
Sep 14 11:02:08 freedombox sshd[12338]: Disconnected from invalid user gc 211.193.13.111 port 62455 [preauth]
This is going on and on… haven't seen that before, is this a bigger attack? What can I do? Should I cut the connection?
Information
FreedomBox Pioneer 19.15 reachable from the Internet with a .freedombox.rocks domain
Configured Tor is running
Behind a router with open ports for Matrix Synapse, bind, https, http, Tor, radicale, sftp
I am running ikiwiki as a blog
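
One way to summarise log output like the above, as an added example that is not part of the original post: it counts failed SSH logins per source address, lists failures against account names sshd did not mark as "invalid user", and lists any successful logins. The sample reuses lines from the post plus two constructed lines (the `root` failure and the `Accepted` line for a hypothetical user `alice` from documentation address 192.0.2.10).

```python
import re
from collections import Counter

# Constructed sample: three lines from the post, then two made-up lines (a failure
# for the real account name "root", and a success for hypothetical user "alice").
SAMPLE = """\
Sep 14 11:02:04 freedombox sshd[12338]: Invalid user gc from 211.193.13.111 port 62455
Sep 14 11:02:06 freedombox sshd[12338]: Failed password for invalid user gc from 211.193.13.111 port 62455 ssh2
Sep 14 11:02:06 freedombox sudo[12336]: pam_unix(sudo:session): session opened for user root by 1110LT0m1k3.(uid=0)
Sep 14 11:03:10 freedombox sshd[12400]: Failed password for root from 211.193.13.111 port 62470 ssh2
Sep 14 11:05:00 freedombox sshd[12410]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
"""

# Only messages logged by sshd itself; sudo, slapd and others are skipped.
SSHD = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ sshd\[\d+\]: (.*)$")
# The user name is chosen by the client, so match it greedily: the LAST
# " from <addr> port <n>" on the line is the part sshd wrote.
FAILED = re.compile(r"Failed (?P<method>\S+) for (?P<invalid>invalid user )?"
                    r"(?P<user>.+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>.+) "
                      r"from (?P<ip>\S+) port \d+")

def triage(text):
    """Summarise sshd authentication results found in syslog-style text."""
    failed_by_ip = Counter()
    existing_account_failures = []  # names sshd did NOT report as "invalid user"
    accepted = []                   # successful logins: verify each one is yours
    for line in text.splitlines():
        m = SSHD.match(line)
        if not m:
            continue
        msg = m.group(1)
        if (f := FAILED.match(msg)):
            failed_by_ip[f["ip"]] += 1
            if not f["invalid"]:
                existing_account_failures.append((f["user"], f["ip"]))
        elif (a := ACCEPTED.match(msg)):
            accepted.append((a["user"], a["ip"], a["method"]))
    return failed_by_ip, existing_account_failures, accepted

if __name__ == "__main__":
    failed, existing, accepted = triage(SAMPLE)
    for ip, n in failed.most_common():
        print(f"{n:4d} failed attempts from {ip}")
    print("failures against existing accounts:", existing)
    print("accepted logins:", accepted)
```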