What's new

AiDisks under password guessing attack

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Blackstar

Occasional Visitor
After two weeks of setting up AiDisks for local network file sharing among my family members for the first time, a week later, someone began attempting to guess the password for access every five minutes, with five login attempts. As a result, I increased the timeout to 60 minutes with a limit of two login attempts. However, the individual has persisted in their attempts. Should I be concerned? Here's the latest log from just minutes ago.

Mar 20 23:23:46 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 79.110.62.117 in login.
Mar 20 23:26:36 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 179.60.147.41 in login lock.
 
Please tell a little more precise how you set up your disks. Didn't you set up a vpn-server for sharing?
 
After two weeks of setting up AiDisks for local network file sharing among my family members for the first time, a week later, someone began attempting to guess the password for access every five minutes, with five login attempts. As a result, I increased the timeout to 60 minutes with a limit of two login attempts. However, the individual has persisted in their attempts. Should I be concerned? Here's the latest log from just minutes ago.

Mar 20 23:23:46 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 79.110.62.117 in login.
Mar 20 23:26:36 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 179.60.147.41 in login lock.
Welcome to the world of the Internet! You are likely being hit by a bot. Might be best to not use AiDisk but use a cloud service instead.
 
Caracas IP, .ru domain, listed for brute force attacks. Add it to skynet?
 
After two weeks of setting up AiDisks for local network file sharing among my family members for the first time, a week later, someone began attempting to guess the password for access every five minutes, with five login attempts. As a result, I increased the timeout to 60 minutes with a limit of two login attempts. However, the individual has persisted in their attempts. Should I be concerned? Here's the latest log from just minutes ago.

Mar 20 23:23:46 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 79.110.62.117 in login.
Mar 20 23:26:36 httpd_login_lock: Detect abnormal logins at 5 times. The newest one was from 179.60.147.41 in login lock.
I'd be weary of opening anything up to the public in this manner. Especially if there's no ability for OTP or MFA or Geo-IP blacklists at a minimum. Shodan and other sites will eventially show what ports and services are open to the public on your public IP and you will get hammered from everywhere.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top