Is someone trying to hack my NethServer?

I am writing here because I need your help. For some time, odd entries that trouble me have been appearing in the logs (logwatch summary). They look like this:

Today:
Attempts to use known hacks by 1 hosts were logged 1 time(s) from:
169.229.3.91: 1 Time(s)
A total of 1 sites probed the server
169.229.3.91

Yesterday:
Attempts to use known hacks by 1 hosts were logged 1 time(s) from:
61.216.2.15: 1 Time(s)
A total of 1 sites probed the server
61.216.2.15

It's strange to me.
Should I be concerned?
How can I block something like that?
Please help.

Look for those two IP addresses in the logs (you can use the "Find in log files" search box in the log viewer).
I bet you'll find a "strange" request in the httpd access.log.
Nothing to worry about. However, fail2ban could probably block more attempts from the same IP (not your case, you received only one probe).

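The log check suggested in the reply above, as an added example that is not part of the original thread: a shell helper that pulls every request made by the reported IPs out of an Apache access log. It assumes the common/combined log format; the sample lines are constructed, and on a real server the log path (for example `/var/log/httpd/access_log`) is an assumption to verify.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Apache common/combined log
# format: client IP is field 1, request line is the first quoted string.

# probe_summary LOGFILE IP [IP...]
# Prints one line per request from the listed IPs: ip|timestamp|request|status
probe_summary() {
    log=$1; shift
    awk -v ips="$*" '
        BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Exact match on field 1, so 61.216.2.15 does not also match 61.216.2.150
        ($1 in want) && match($0, /"([^"\\]|\\.)*"/) {
            req = substr($0, RSTART + 1, RLENGTH - 2)   # handles escaped \" in the request
            split(substr($0, RSTART + RLENGTH), rest, " ")
            ts = $4; sub(/^\[/, "", ts)
            printf "%s|%s|%s|%s\n", $1, ts, req, rest[1]
        }' "$log"
}

# probe_count LOGFILE IP: number of requests logged from that IP
probe_count() {
    probe_summary "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample log lines (requests, dates and sizes are made up;
# the two probing IPs are the ones from the logwatch summary above).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Mar/2016:09:01:12 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
61.216.2.15 - - [10/Mar/2016:03:44:51 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "-"
61.216.2.150 - - [10/Mar/2016:11:20:05 +0100] "GET /favicon.ico HTTP/1.1" 200 318 "-" "Mozilla/5.0"
169.229.3.91 - - [11/Mar/2016:04:17:22 +0100] "GET /cgi-bin/test.cgi HTTP/1.0" 404 212 "-" "-"
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
probe_summary "$tmp" 169.229.3.91 61.216.2.15
rm -f "$tmp"
```

A single request per IP answered with a 404 corresponds to the "only one probe" case described in the reply; many requests from one IP are the pattern fail2ban is meant to act on.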

Okay, thanks for the answer… but I want to permanently block that IP address anyway. Is it possible?

Try with:

and add that IP to the script…

or add it to /etc/shorewall/blacklist :)


Thanks for the answer :) but…
Can it be done more easily? Can't you add a block with the GUI, or install a package from the Software Center?

NethServer 7beta1 supports blocking access to services running on the system through the Firewall rules page.

Okay, I will wait for 7 stable :)

@Adam_S, is this a production server? If so, I recommend taking a deeper look at the logs… and perhaps also at what @jackyes recommends. It might be more, or get more serious. Take a look at it, apply as deemed necessary, then upgrade once it has been made stable.


On a production server I recommend you use at least the FireHOL level 1 and 2 blocklists.
That way you have basic protection from the most active attackers, botnets, ransomware, malware, etc…