Lately I've been getting a lot of blocked IPs.
I'm curious which services are being used. I might turn off the service being probed (ie. FTP) if I knew which one it was.
Question about IP block
Forum rules
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
6 posts
• Page 1 of 1
Question about IP block
by riprowan » Tue Dec 20, 2011 4:01 am
- riprowan
- I'm New!
- Posts: 7
- Joined: Fri Aug 12, 2011 5:27 pm
Re: Question about IP block
by mike42dk » Tue Dec 20, 2011 7:04 pm
Hi
Mostly it's portscan, for the most common ports, like FTP, SHH, TelNet, ports that perhaps can be hacked and used to get control over the server.
Just don't enable services you don't use, and as you have done set up IP ban
Mostly it's portscan, for the most common ports, like FTP, SHH, TelNet, ports that perhaps can be hacked and used to get control over the server.
Just don't enable services you don't use, and as you have done set up IP ban
Regards Michael
###############################################
Synology DS-412+ with DSM 4.2 3211
Westen Digital 20EFRX 2 TB. X 2 in slot 1+3(format to EXT4) RAID 1
Seagate ST2000DL003 2 TB. in slot 2 (format to EXT4) Basic
Samsung USB2 G3 Station 2 TB. (format to EXT4)
Please don't PM for help, use forum so all users can see answers
###############################################
Synology DS-412+ with DSM 4.2 3211
Westen Digital 20EFRX 2 TB. X 2 in slot 1+3(format to EXT4) RAID 1
Seagate ST2000DL003 2 TB. in slot 2 (format to EXT4) Basic
Samsung USB2 G3 Station 2 TB. (format to EXT4)
Please don't PM for help, use forum so all users can see answers
-
mike42dk - 1337 g33|<
- Posts: 2024
- Joined: Sun Jun 06, 2010 7:45 am
- Location: Denmark
Auto Block Logging
by jonny72 » Fri Jan 27, 2012 1:36 am
I noticed some hacking attempts in the connection log and turned on Auto Block. Whilst this appears to be working perfectly, it has blocked quite a few IP's already, there is now no logging whatsoever anywhere - no trace of the logon attempts in the connection log. This would be useful so I could see why the auto blocking was activated.
Am I missing something, or is the logging turned off when Auto Block is turned on?
Am I missing something, or is the logging turned off when Auto Block is turned on?
- jonny72
- Trainee
- Posts: 18
- Joined: Fri Jan 27, 2012 1:14 am
Re: Question about IP block
by riprowan » Sat Jan 28, 2012 12:51 pm
mike42dk wrote:Just don't enable services you don't use, and as you have done set up IP ban
* BUMP *
Shouldn't the log file include
- username attempting login
- service attempted to use
If the same username is being probed, or if the same service is being probed, then it seems the admin could take better informed action to prevent possible attacks.
Maybe I seem paranoid, but if you had been through what I've been through, you'd be paranoid too.
- riprowan
- I'm New!
- Posts: 7
- Joined: Fri Aug 12, 2011 5:27 pm
Re: Question about IP block
by mike42dk » Sun Jan 29, 2012 9:30 am
Hi
The username that has been tried to use at login is there in the systemlog.
But what port that the user had tried to use is missing, and that could be interesting to have in log!!
The username that has been tried to use at login is there in the systemlog.
But what port that the user had tried to use is missing, and that could be interesting to have in log!!
Regards Michael
###############################################
Synology DS-412+ with DSM 4.2 3211
Westen Digital 20EFRX 2 TB. X 2 in slot 1+3(format to EXT4) RAID 1
Seagate ST2000DL003 2 TB. in slot 2 (format to EXT4) Basic
Samsung USB2 G3 Station 2 TB. (format to EXT4)
Please don't PM for help, use forum so all users can see answers
###############################################
Synology DS-412+ with DSM 4.2 3211
Westen Digital 20EFRX 2 TB. X 2 in slot 1+3(format to EXT4) RAID 1
Seagate ST2000DL003 2 TB. in slot 2 (format to EXT4) Basic
Samsung USB2 G3 Station 2 TB. (format to EXT4)
Please don't PM for help, use forum so all users can see answers
-
mike42dk - 1337 g33|<
- Posts: 2024
- Joined: Sun Jun 06, 2010 7:45 am
- Location: Denmark
Re: Question about IP block
by Betard » Sun Feb 05, 2012 7:43 pm
I have a similar thread started in the "DiskStation Manager 4.0 BETA" section http://forum.synology.com/enu/viewtopic.php?f=189&t=46787
In regards to notifications I noticed that you can define the message.
I have been searching, but unable to find a list of the available %% variables. Perhaps there is one for username, port or service? If so, that would certainly help those of us looking for "more" information.
In regards to notifications I noticed that you can define the message.
Dear user,
IP address [%CLIENT_IP%] of %HOSTNAME% had %AUTOBLOCK_ATTEMPTS% failed login attempts within %AUTOBLOCK_ATTEMPT_MIN% minutes, and has been blocked at %AUTOBLOCK_TIME%.
Sincerely,
%COMPANY_NAME%
I have been searching, but unable to find a list of the available %% variables. Perhaps there is one for username, port or service? If so, that would certainly help those of us looking for "more" information.
- Betard
- I'm New!
- Posts: 9
- Joined: Mon Sep 19, 2011 8:35 pm
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests