Soorma Posted February 14, 2014 #1
Anyone else seeing this? My firewall reported that my "server ip" is getting a brute force SSH attack. The attack is coming from China IPs.
Thanks
-Soorma
stanza Posted February 14, 2014 #3
Any computer connected to the net is going to see attacks. Me personally, I don't have anything accessible to the net...
Soorma Posted February 15, 2014 Author #5
> Any computer connected to the net is going to see attacks. Me personally, I don't have anything accessible to the net...

My firewall, CCTV camera server & Diskstation 212+ also have open SSH ports, but the attack was only going to the Xpenology box IP. I did have the default MAC address / SN# but I changed it last night.
jokies Posted February 15, 2014 #7
Change MAC and S/N and they will be gone. Otherwise change the default port; having common ports open on the default port number is not a good idea.
fgullama Posted February 15, 2014 #9
I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non-default port cut way, way down on the attacks though.
Frank
DHD Posted February 17, 2014 #11
I changed the MAC address, SN, default ports and SN but am still being attacked from a China IP (218.6.6.70 => Fuzhou, Fujian, China). Please teach me how to check whether someone has successfully attacked my NAS or not?
Soorma Posted February 17, 2014 Author #15
Change your SSH port number from 22 to something else and then do auto block IP after 3-4 failed tries etc.
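An added example, not part of any post in this thread: one way to answer the question above about whether a guess ever succeeded, using the same failed-attempt threshold idea the posters describe. It assumes the NAS writes sshd results in OpenSSH's usual syslog wording; the log lines, the function name and the default threshold of 3 are constructed for illustration, and failures are counted over the whole text supplied rather than a time window.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's usual syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Feb 17 03:10:01 nas sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Feb 17 03:10:03 nas sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Feb 17 03:10:05 nas sshd[2105]: Failed password for root from 203.0.113.5 port 51246 ssh2
Feb 17 03:10:07 nas sshd[2107]: Failed password for root from 203.0.113.5 port 51250 ssh2
Feb 17 03:10:09 nas sshd[2109]: Accepted password for root from 203.0.113.5 port 51255 ssh2
Feb 17 08:30:00 nas sshd[2300]: Failed password for admin from 192.0.2.10 port 40000 ssh2
Feb 17 08:30:10 nas sshd[2302]: Accepted password for admin from 192.0.2.10 port 40002 ssh2
Feb 17 09:00:00 nas sshd[2400]: Failed password for root from 198.51.100.7 port 50000 ssh2
Feb 17 09:00:02 nas sshd[2402]: Failed password for root from 198.51.100.7 port 50004 ssh2
Feb 17 09:00:04 nas sshd[2404]: Failed password for root from 198.51.100.7 port 50008 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_ssh_log(text, threshold=3):
    """Return (to_block, suspicious) for the log text given.

    to_block:   IPs with at least `threshold` failed logins.
    suspicious: (ip, user, failures_so_far) for every accepted login from an
                IP that had already reached the threshold, i.e. a guess that
                may have worked and needs a closer look.
    """
    failures = defaultdict(int)
    suspicious = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if m is None:
            continue  # not an sshd login result line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            suspicious.append((ip, m["user"], failures[ip]))
    to_block = sorted(ip for ip, n in failures.items() if n >= threshold)
    return to_block, suspicious

if __name__ == "__main__":
    print(review_ssh_log(SAMPLE_LOG))
```

A single mistyped password followed by a normal login (192.0.2.10 in the sample) stays below the threshold and is not reported.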
phoenix73 Posted May 7, 2014 #17
Did you use OpenVPN or PPTP client? Only eth0 is protected by firewall ;(
shackwove Posted May 7, 2014 #18
For an added layer you can forward a port in your router to your SSH port on DSM. Your router's config would look like this:

External port: 35775
Internal port: 22

Now you only have to connect to it using ssh -p 35775 user@ip

You can also disable the ability to ssh as root; this is common practice on any ssh box. You can then log in as, say, "admin" and then switch to root if you have to. DSM is particular though, and we have to change something first or we won't be able to switch user afterwards.

1. Login as ssh root@dsm
2. Change permissions on /bin/su with chmod a+s /bin/su
3. Try it, login with ssh admin@dsm
4. Type su
5. Enter password and type whoami (this should return "root")
6. Disable root login in /etc/ssh/sshd_config: as root user do vi /etc/ssh/sshd_config, locate the line that says #PermitRootLogin yes, press insert and edit it so it looks like "PermitRootLogin no", then press escape, type ":wq" and press enter
7. In the web GUI, Control Panel > Terminal > Disable SSH and apply > Enable SSH and apply
8. Try to connect as root; it shouldn't let you anymore, so connect as admin

That's it, nobody can any longer connect to your DSM as root but you still have root capabilities!
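An added example, not part of shackwove's post: a check that steps 2 and 6 above actually took effect, and in the right order, before relying on them. It uses two facts about sshd_config: a line starting with # is a comment, and for a keyword given more than once the first value is used. The sample config and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample: step 6's edit, with a leftover duplicate lower in the file.
SAMPLE_CONFIG = """\
#Port 22
PermitRootLogin no
PermitRootLogin yes
"""

def root_login_setting(config_text):
    """Global PermitRootLogin value as sshd reads it, or None if unset."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # "#PermitRootLogin yes" is a comment, not a setting
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # what follows applies only to matching connections
        if key == "permitrootlogin" and len(parts) > 1:
            return parts[1].strip().lower()  # first occurrence wins
    return None  # not set: sshd uses its built-in default

def su_can_elevate(st_mode, st_uid):
    """True if su is a root-owned setuid file, which step 2 relies on."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID)

def lockout_risk(config_text, su_path="/bin/su"):
    """True if root SSH login is off but su could not take admin to root."""
    st = os.stat(su_path)
    root_off = root_login_setting(config_text) == "no"
    return root_off and not su_can_elevate(st.st_mode, st.st_uid)

if __name__ == "__main__":
    print(root_login_setting(SAMPLE_CONFIG))
```

A return value of None from root_login_setting means the file still has the line commented out, so the edit in step 6 has not been made; the restart in step 7 is still needed before a changed file takes effect.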