Overseas log in attempts to NAS via SSH

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Overseas log in attempts to NAS via SSH

stuzz

351 posts

Ultimate Geek

ID Verified

Trusted

#153622 3-Oct-2014 07:37

I have noticed numerous and ongoing attempts by overseas ip addresses to login to my NAS.
They fail and are blocked after two repeated attempts, but wonder if this is me specific or do others notice this activitiy?

johnr

19282 posts

Uber Geek
Inactive user

#1146261 3-Oct-2014 08:19

Setup a honey pot and see what they are trying to do

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

linw

2834 posts

Uber Geek

#1146270 3-Oct-2014 08:30

Turned remote access off on my WD Mybooklive because of the shellshock threat.

timmmay

20357 posts

Uber Geek

Trusted

Lifetime subscriber

#1146272 3-Oct-2014 08:34

It's expected that every machine on the internet will be probed or attacked more or less constantly. Your options are:
- Make sure to keep it up to date with the latest software, and use a strong username and password. I would be surprised if there were no vulnerabilities in the software though.
- Disable remote access.

stuzz

351 posts

Ultimate Geek

ID Verified

Trusted

#1146273 3-Oct-2014 08:35

linw: Turned remote access off on my WD Mybooklive because of the shellshock threat.

I've done the same with sftp now.

The people I share with can just use Plex.

stuzz

351 posts

Ultimate Geek

ID Verified

Trusted

#1146276 3-Oct-2014 08:42

timmmay: It's expected that every machine on the internet will be probed or attacked more or less constantly. Your options are:
- Make sure to keep it up to date with the latest software, and use a strong username and password. I would be surprised if there were no vulnerabilities in the software though.
- Disable remote access.

A trusted friend had ftp access to it, but after reading about Shellshock and NAS exploit possibilities, I checked the logs as was surprised what I saw. No one has gained access, but just more aware now.

chevrolux

4962 posts

Uber Geek
Inactive user

#1146278 3-Oct-2014 08:45

Why do you have SSH exposed?!

I can understand SFTP but with that surely SSH isn't required.

stuzz

351 posts

Ultimate Geek

ID Verified

Trusted

#1146288 3-Oct-2014 09:14

chevrolux: Why do you have SSH exposed?!

I can understand SFTP but with that surely SSH isn't required.

We just turned on the sftp. There was no setting re ssh other than it advising it used the same port as it would.

Have turned it off as it is a little beyond me at this stage.

BTR

1527 posts

Uber Geek

#1146312 3-Oct-2014 09:39

I would have as little as possible available externally if I was you, I have all external access to my servers disabled. If I want access I will use VPN.

ubergeeknz

3344 posts

Uber Geek

Trusted

Vocus

#1146335 3-Oct-2014 09:55

If you must expose a service externally, use a high port (something over 10000) which should help you avoid the bulk of scanning. This of course does not obviate the need for strong password/cert authentication, keeping things up to date etc.

muppet

2535 posts

Uber Geek

Trusted

#1146340 3-Oct-2014 09:59

This is as normal as normal can get. If you're on the Internet with a public IP and NOT getting random bots trying to login to every common public service, something's wrong with your Internet connection.

Audiophiles are such twits! They buy such pointless stuff: Gold plated cables, $2000 power cords. Idiots.

OOOHHHH HYPERFIBRE!