This discussion has been locked.

Sophos XG - Logs show the message="User '-' failed to login from 'x.x.x.x' using ssh because of wrong credentials"

I have been receiving constant alerts of attempts to access my internal web server. I believe it is a brute-force attack attempt via CLI with SSH, but I cannot identify what may be creating this problem. I have already scanned the server itself and did not find anything suspicious. I also checked access through the XG WAN, and SSH is disabled. I also scanned the open ports at the server level and did not find port 22 in the list of open ports. Could someone please help me understand what may be happening?

  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    As per the screenshot you provided via PM, you do not have SSH access enabled on the WAN zone. Do you have any DNAT rule configured with SSH? 

    Is the source IP in the report an external IP address or the internal address? 

    Thanks,
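
The reply's second question (external or internal source) can be answered from an exported log. The following is an added example, not part of the original thread or Sophos tooling: it parses the message text quoted in the thread title and tallies failed logins per source. The sample lines, the `message="..."` wrapper and the `INTERNAL_NETS` ranges are assumptions to adapt to the actual export and LAN.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the thread title; other fields on the line are ignored.
FAILED_LOGIN = re.compile(
    r"User '(?P<user>[^']*)' failed to login from '(?P<src>[^']+)' "
    r"using (?P<service>\w+) because of wrong credentials"
)

# Assumption: "internal" means RFC 1918 space; replace with the site's own LAN/DMZ ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines, not taken from the poster's firewall.
SAMPLE_LOG = """\
message="User '-' failed to login from '192.168.10.25' using ssh because of wrong credentials"
message="User '-' failed to login from '192.168.10.25' using ssh because of wrong credentials"
message="User 'admin' failed to login from '203.0.113.7' using ssh because of wrong credentials"
message="unrelated event"
"""

def classify(addr):
    """Return 'internal', 'external', or 'unparsed' for masked/garbled addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparsed"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def summarize(log_text):
    """Count failed logins keyed by (source address, zone, service)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            counts[(m["src"], classify(m["src"]), m["service"])] += 1
    return counts

if __name__ == "__main__":
    for (src, zone, service), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {service}  {src}  ({zone})")
```

An internal source points the investigation at a host on the LAN, while an external source points back at WAN device access or a DNAT rule, the two settings the reply asks about.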
