WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

How to block hackers: login attempt for nonexistent user from WAN

+1 vote
1,967 views 1 comments
by anonymous

Hi All,

can anyone tell me how to block nonexistent user attempts (attacks) which generate the events below:

3306 2020-02-18 18:37:32 SSH Login attempt for nonexistent user from WAN 113.187.119.0:57240
3305 2020-02-18 18:37:23 SSH Login attempt for nonexistent user from WAN 113.187.119.0:57184
3304 2020-02-18 18:13:38 SSH Login attempt for nonexistent user from WAN 121.165.33.239:55512
3303 2020-02-18 18:13:33 SSH Login attempt for nonexistent user from WAN 121.165.33.239:55268
3302 2020-02-18 18:13:27 SSH Bad password attempt from WAN 121.165.33.239:55016
3301 2020-02-18 18:13:22 SSH Login attempt for nonexistent user from WAN 121.165.33.239:54750
3300 2020-02-18 18:13:18 SSH Bad password attempt from WAN 121.165.33.239:54500

I don't want to set the firewall to the maximum restriction, just would like to block these hackers if possible... Thank you.

1 Answer

+1 vote
by anonymous
are you SSH in practice? if not consider turning off SSH. or set SSH to a different port than the default one. port 22 (SSH) is often scanned for from the internet. If its on a alternative port this will not be the case.
Best answer
by anonymous
I disabled SSH, plus turned on all attack protections. Now there is no event like this anymore.

Thank you!