This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attack on WebAdmin-port: many failed logins

Does anyone else experience attacks on the WebAdmin-port with many failed logins? [WARN-005]

This evening I received from all of the Sophos UTM's from my clients (15 in The Netherlands) notifications of failed logins. All with username "admin" and all from 65.21.141.30 (Germany) [edit: correction: Finland].

I can block this off course, but I don't understand who could find out all the ip-addresses. Only Sophos can know those from the update servers. So I would like to know if others are experiencing the same.



This thread was automatically locked due to age.
Parents
  • On our Side too - the strange was, first the attacks reach our Firewalls in the Datacenter and then some of our customer, they are not in the Datacenter, the has complete other Network Ranges. Good to hear, that this reach so many People - so i think this was not an Attack to our company.

Reply
  • On our Side too - the strange was, first the attacks reach our Firewalls in the Datacenter and then some of our customer, they are not in the Datacenter, the has complete other Network Ranges. Good to hear, that this reach so many People - so i think this was not an Attack to our company.

Children
No Data