Netgate Discussion Forum

    Am I under attack?

    • Alanesi

      Hi Everyone,

      Am I under attack? I don't know these IP addresses.

      Attack from "112.85.42.143" on service SSH with danger 10.
      Failed password for root from 112.85.42.143 port 58827 ssh2
      Attack from "2.134.47.21" on service SSH with danger 10.
      Invalid user admin1 from 2.134.47.21 port 64840

      They keep showing many times.

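The sshd messages quoted in the first post can be tallied per source address to see what is being tried and whether any of those sources ever logged in successfully. This is an added example, not code from the thread or from pfSense; the sample log is constructed from the two quoted messages plus invented repeats, and 203.0.113.7 is a made-up documentation address.

```python
import re
from collections import defaultdict

# Constructed sample: the two sshd messages from the post plus invented repeats.
SAMPLE_LOG = """\
Failed password for root from 112.85.42.143 port 58827 ssh2
Invalid user admin1 from 2.134.47.21 port 64840
Failed password for invalid user admin1 from 2.134.47.21 port 64852 ssh2
Failed password for root from 112.85.42.143 port 58901 ssh2
Accepted publickey for admin from 203.0.113.7 port 50122 ssh2
"""

# OpenSSH failure messages: "Failed password for [invalid user ]NAME from IP"
# and "Invalid user NAME from IP". Other lines (e.g. "Attack from ...") are skipped.
FAILED = re.compile(
    r"(?:Failed password for (?:invalid user )?|Invalid user )"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+)")


def summarize(log_text):
    """Return ({ip: {"failures": n, "users": set}}, set of IPs with a login)."""
    failures = defaultdict(lambda: {"failures": 0, "users": set()})
    accepted = set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = failures[m["ip"]]
            entry["failures"] += 1
            entry["users"].add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.add(m["ip"])
    return dict(failures), accepted


def needs_attention(log_text):
    """Sources with failed attempts that also have a successful login."""
    failures, accepted = summarize(log_text)
    return sorted(ip for ip in failures if ip in accepted)


if __name__ == "__main__":
    failures, accepted = summarize(SAMPLE_LOG)
    for ip, info in sorted(failures.items()):
        print(f"{ip}: {info['failures']} failed, tried {sorted(info['users'])}")
    print("failed AND accepted:", needs_attention(SAMPLE_LOG) or "none")
```

An empty result from `needs_attention` means the guesses are only failing; any address it returns is the case to investigate first.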
      • Gertjan @Alanesi

        @alanesi said in Am I under attack?:

        They keep showing many times.

        If you don't want people/scripts/robots knocking on your door, remove the door.
        Remove rules on your WAN interface : do not make SSH accessible to the entire Internet. Consider that as a security flaw.
        If you have to have access to SSH and GUI etc, use a VPN access.

        edit : normally, you should be using the SSH access with a password only once. The day you installed pfSense - or any OS for that matter, disable password authentication and go for :

        1a6dfd25-27fa-49ab-b329-65ac8353f445-image.png

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • Alanesi @Gertjan

          @gertjan Much appreciated.
          But one thing here: pfSense is my VPN server, so I think the GUI is already accessible.

          • Gertjan @Alanesi

            With only this rule

            747e9b5f-ffd7-496f-9dc5-70f543402e6c-image.png

            on your WAN interface, no one can access SSH or the GUI.
            Exception : those who have VPN access. But you know who they are, as you gave that access.


            • Alanesi @Gertjan

              @gertjan Thank you very much

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.