Am i under attack?
-
Hi Everyone,
Am I under attack? I don't know these IP addresses.
Attack from "112.85.42.143" on service SSH with danger 10.
Failed password for root from 112.85.42.143 port 58827 ssh2
Attack from "2.134.47.21" on service SSH with danger 10.
Invalid user admin1 from 2.134.47.21 port 64840They keep showing many times.
-
@alanesi said in Am i under attack?:
They keep showing many times.
If you don't want people/scripts/robots knocking on your door, remove the door.
Remove rules on your WAN interface : do not make SSH accessible to the entire Internet. Consider that as a security flaw.
If you have to have access to SSH and GUI etc, use a VPN access.edit : normally, you should be using the SSH access with a password only ones. The day you installed pfSense - or any OS for that matter, disable password authentication and go for :
-
@gertjan Much appreciated.
But one thing here PFsense is my VPN server so I think GUI is already accessible. -
With only this rule
on your WAN interface, no one can access SSH, or GUI access.
Exception : those who have VPN access. But you know who they are, as you gave that access. -
@gertjan Thank you very much
