[arm-allstar] Selective IP Blocking

Anthony (N2KI) n2ki.ham at gmail.com
Wed Feb 14 07:15:57 EST 2024


That's exactly where I saw it.  Who knows how long that's been going on.
The quick fix for me was to change the external port pointing to the
internal port.  That's stopped it until whoever it is finds the new port.

There are two things I was also looking at doing but am not sure how:

   - changing the password I use to log into the Supermon dashboard
   - making the Supermon dashboard HTTPS rather than HTTP

I saw the directions for Supermon but I think a while ago I ran into an
issue not being able to log in.  It talks about putting the same password
in the manager.conf and allmon.ini files.  But then there is an instruction
to add a password file using htpasswd -cB .htpasswd <userID>.  So yet a
third password.  All I want to do is change the password I use when logging
into the Supermon dashboard via a web browser.

HTTPS - In looking into this, it requires me to generate a secure
certificate.  But I do not understand how or where to load that
certificate in the Hamvoip system.

Regards,
Anthony
N2KI

On Tue, Feb 13, 2024 at 9:18 PM Lloyd Duck via ARM-allstar <
arm-allstar at hamvoip.org> wrote:

> It’s on the Linux logs on supermon where I’m seeing it.
>
> Command: export TERM=vt100 && /usr/bin/sudo /usr/bin/journalctl --no-pager
> --since "1 day ago" | /bin/sed -e "/sudo/ d"
> -----------------------------------------------------------------
> -- Logs begin at Sun 2024-02-11 14:29:50 CST, end at Tue 2024-02-13
> 09:17:51 CST. --
> Feb 12 09:34:14 W5AW sshd[32556]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:34:15 W5AW sshd[32556]: Invalid user ic from 146.59.228.105 port
> 49302
> Feb 12 09:34:15 W5AW sshd[32556]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:34:15 W5AW sshd[32556]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:34:15 W5AW sshd[32556]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.59.228.105
> Feb 12 09:34:15 W5AW sshd[32558]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:34:16 W5AW sshd[32558]: Invalid user sonbol from 46.101.77.207
> port 36174
> Feb 12 09:34:16 W5AW sshd[32558]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:34:16 W5AW sshd[32558]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:34:16 W5AW sshd[32558]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.77.207
> Feb 12 09:34:17 W5AW sshd[32556]: Failed password for invalid user ic from
> 146.59.228.105 port 49302 ssh2
> Feb 12 09:34:17 W5AW sshd[32556]: Received disconnect from 146.59.228.105
> port 49302:11: Bye Bye [preauth]
> Feb 12 09:34:17 W5AW sshd[32556]: Disconnected from invalid user ic
> 146.59.228.105 port 49302 [preauth]
> Feb 12 09:34:18 W5AW sshd[32558]: Failed password for invalid user sonbol
> from 46.101.77.207 port 36174 ssh2
> Feb 12 09:34:20 W5AW sshd[32558]: Received disconnect from 46.101.77.207
> port 36174:11: Bye Bye [preauth]
> Feb 12 09:34:20 W5AW sshd[32558]: Disconnected from invalid user sonbol
> 46.101.77.207 port 36174 [preauth]
> Feb 12 09:34:46 W5AW sshd[32588]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:34:47 W5AW sshd[32588]: Invalid user btm from 43.136.122.160
> port 35180
> Feb 12 09:34:47 W5AW sshd[32588]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:34:47 W5AW sshd[32588]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:34:47 W5AW sshd[32588]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.136.122.160
> Feb 12 09:34:49 W5AW sshd[32588]: Failed password for invalid user btm
> from 43.136.122.160 port 35180 ssh2
> Feb 12 09:34:50 W5AW sshd[32588]: Received disconnect from 43.136.122.160
> port 35180:11: Bye Bye [preauth]
> Feb 12 09:34:50 W5AW sshd[32588]: Disconnected from invalid user btm
> 43.136.122.160 port 35180 [preauth]
> Feb 12 09:34:54 W5AW sshd[32618]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:34:54 W5AW sshd[32618]: Invalid user socket from 170.106.196.12
> port 53748
> Feb 12 09:34:54 W5AW sshd[32618]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:34:54 W5AW sshd[32618]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:34:54 W5AW sshd[32618]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.106.196.12
> Feb 12 09:34:56 W5AW sshd[32618]: Failed password for invalid user socket
> from 170.106.196.12 port 53748 ssh2
> Feb 12 09:34:57 W5AW sshd[32618]: Received disconnect from 170.106.196.12
> port 53748:11: Bye Bye [preauth]
> Feb 12 09:34:57 W5AW sshd[32618]: Disconnected from invalid user socket
> 170.106.196.12 port 53748 [preauth]
> Feb 12 09:35:09 W5AW sshd[32620]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:35:11 W5AW sshd[32620]: Invalid user shipping from 101.43.226.18
> port 45932
> Feb 12 09:35:11 W5AW sshd[32620]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:35:11 W5AW sshd[32620]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:35:11 W5AW sshd[32620]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.43.226.18
> Feb 12 09:35:13 W5AW sshd[32622]: rexec line 110: Deprecated option
> UsePrivilegeSeparation
> Feb 12 09:35:13 W5AW sshd[32620]: Failed password for invalid user
> shipping from 101.43.226.18 port 45932 ssh2
> Feb 12 09:35:14 W5AW sshd[32622]: Invalid user lot from 41.82.208.182 port
> 26050
> Feb 12 09:35:14 W5AW sshd[32622]: pam_tally(sshd:auth): pam_get_uid; no
> such user
> Feb 12 09:35:14 W5AW sshd[32622]: pam_unix(sshd:auth): check pass; user
> unknown
> Feb 12 09:35:14 W5AW sshd[32622]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.82.208.182
> Feb 12 09:35:15 W5AW sshd[32620]: Received disconnect from 101.43.226.18
> port 45932:11: Bye Bye [preauth]
> Feb 12 09:35:15 W5AW sshd[32620]: Disconnected from invalid user shipping
> 101.43.226.18 port 45932 [preauth]
> Feb 12 09:35:16 W5AW sshd[32622]: Failed password for invalid user lot
> from 41.82.208.182 port 26050 ssh2
> Feb 12 09:35:18 W5AW sshd[32622]: Received disconnect from 41.82.208.182
> port 26050:11: Bye Bye [preauth]
>
>
> Lloyd Duck
> W5LND
>
> On Feb 12, 2024, at 6:54 PM, David McGough via ARM-allstar <
> arm-allstar at hamvoip.org> wrote:
>
>
> Hi,
>
> How is your node being attacked??  Are you seeing entries in the Apache
> (webserver) logs, the sshd logs (lastb command) or other?
>
> 73, David K4FXC
>
>
> On Mon, 12 Feb 2024, Anthony (N2KI) via ARM-allstar wrote:
>
> > Hello,
> >
> > I understand there is a Linux package that can be installed to an Allstar
> > (HamVoip) node that we can program to block specific IP addresses from
> > connecting.  Recently, I have been noticing many attempts to hack into a
> > node.  Is there such an installation package and if so what is the name
> > and how do I get it?  Thanks a lot for your help.
> >
> > Regards,
> > Anthony
> > N2KI
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
> >
>
>
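
An added example, not part of the original thread: a small shell function that reduces sshd journal output like the log quoted above to a per-address count of failed password attempts, giving a list to review before deciding what to block. The function names and sample lines are constructed for illustration, and the sample uses documentation addresses rather than the ones in the thread.

```shell
#!/bin/sh
# Added example: tally sshd "Failed password" lines per source address.
# One login attempt logs several lines (Invalid user, pam_unix, Failed
# password, Disconnected); counting only "Failed password" avoids counting
# the same attempt more than once.

# ssh_offenders MIN  -- reads log lines on stdin and prints "COUNT IP" for
# every source with at least MIN failed passwords, busiest first.
ssh_offenders() {
    min="${1:-3}"
    awk -v min="$min" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is remote-controlled text and may itself contain
            # "from", so keep the LAST "from <addr> port" match on the line.
            ip = ""
            for (i = 1; i < NF; i++)
                if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
            if (ip != "") count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log (host name, PIDs, users and addresses are made up).
sample_log() {
    cat <<'EOF'
Feb 12 09:34:15 node sshd[100]: Invalid user ic from 203.0.113.5 port 49302
Feb 12 09:34:17 node sshd[100]: Failed password for invalid user ic from 203.0.113.5 port 49302 ssh2
Feb 12 09:34:18 node sshd[101]: Failed password for invalid user btm from 203.0.113.5 port 49310 ssh2
Feb 12 09:34:20 node sshd[102]: Failed password for root from 203.0.113.5 port 49320 ssh2
Feb 12 09:34:21 node sshd[103]: Failed password for invalid user lot from 198.51.100.7 port 26050 ssh2
Feb 12 09:34:22 node sshd[104]: Accepted password for repeater from 192.0.2.10 port 50000 ssh2
Feb 12 09:34:23 node sshd[105]: Failed password for invalid user from from 198.51.100.7 port 26051 ssh2
EOF
}

sample_log | ssh_offenders 2
```

On a node, the same function can read live data, for example `journalctl --no-pager --since "1 day ago" | ssh_offenders 5`; because journalctl prints each entry on one line, the e-mail line wrapping seen in the quoted log is not an issue there.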

