This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attack on WebAdmin-port: many failed logins

Does anyone else experience attacks on the WebAdmin-port with many failed logins? [WARN-005]

This evening I received from all of the Sophos UTM's from my clients (15 in The Netherlands) notifications of failed logins. All with username "admin" and all from 65.21.141.30 (Germany) [edit: correction: Finland].

I can block this off course, but I don't understand who could find out all the ip-addresses. Only Sophos can know those from the update servers. So I would like to know if others are experiencing the same.



This thread was automatically locked due to age.
Parents Reply
  • I get a LOT of port traffic from these clients.your-server.xx sites.  The Country Blocking doesn't do much, because the last suffix always changes (.de, .ru., etc.) 

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
No Data