Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

MMegaTron

Dictionary Attack; openvpn and openssh no longer work

Hi guys,

I work for a small company setting up their IT services. I have been trying to setup OpenVPN for the past month. The previous IT support person had set the server up, and had installed winSCP for users to connect. Unfortunatley we had permissions issues so I tried setting up OpenVPn to solve it. He did not setup secure passwords for the root/admin accounts or certificatesd for the SSH.

I had got OpenVPN completely almost 100% working until now, but over the last couple of days openvpn AND ssh which both previously wokrked have stopped working for all users working from home. I came in and tried investigating today and found the auth.log in /etc/logs filled with messages about root attempting to connect and being rejected and other users who do not exist, all of this being repeatedly a couple of hundred times since early last Sunday morning. It is obvious this a dictionary attack from some malicious user somewhere. Anyway, the point is that neither openvpn nor ssh are working now and I am pretty stumped because I don't know what has caused this, whether the user actually got into the system and changed some settings or whether it is simply sending so many requests that legitimate users cant connect (i'm guiessing it's the former as the logs arent showing any attempts now, but haven't seen on the logs that the user has successfully been able to break in).

Does anyone have any ideas which might help? I can post the log file if necessary.

Thanks,

Jack