Security alerts identified on UXG-Lite and Nginx systems.

UberCuber
Junior Member
28
01-18-2025, 11:52 AM
#1
I've explored the setup and noticed the Security Detections section in Unraid. The alerts point to traffic from various regions, including the US, Netherlands, and Russia. Since Overseer is using a VPN, the source IPs appear to be masked. To reduce connections to your Nginx Docker container, you might want to check firewall rules, optimize Docker settings, or adjust Unraid's security policies. Let me know if you need further guidance.

ChibiWolf39
Senior Member
491
01-31-2025, 01:50 PM
#2
When a web server is running on a standard port that's open from your public IP (like 80, 443, and possibly others), it's typical to notice a few crawlers checking those ports daily for every address in the IPv4 range.

grisou47
Member
133
02-02-2025, 09:37 AM
#3
You're referring to network or server connections. If you have an internet-hosted server, it's typical for bots to attempt access. Logs often show attempts like phpmyadmin being used even though it isn't installed. Mitigation strategies include tools such as fail2ban that analyze logs and automatically block suspicious IP addresses after repeated failures.

GauteZEL
Member
173
02-03-2025, 02:22 AM
#4
Ports staying open mean bots will constantly try to access them around the clock. I once left SSH on port 22, resulting in hundreds of failed login attempts daily—mostly guessing credentials like admin, root, pi, user, etc. Now I rely solely on RSA keys, but bots still keep trying. Fail2ban helps block them, though.
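
Added example, not written by any poster in this thread: a Python sketch of the log-analysis idea behind the fail2ban suggestions above, run over constructed nginx access-log lines. The function name, the choice of failure statuses and the sample lines are assumptions made for illustration; `maxretry` and `findtime` are named after fail2ban's settings, but this is not fail2ban's own code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed nginx "combined" log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.55 - - [02/Feb/2025:09:00:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [02/Feb/2025:09:15:00 +0000] "GET /missing.css HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [02/Feb/2025:09:29:50 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.20 - - [02/Feb/2025:09:29:51 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Feb/2025:09:30:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "-"
192.0.2.55 - - [02/Feb/2025:09:30:02 +0000] "GET /gone HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Feb/2025:09:30:03 +0000] "GET /pma/ HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [02/Feb/2025:09:30:05 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
"""

# Captures: client IP, [timestamp], status of a well-formed "METHOD path PROTO" request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ \S+ [^"]*" (\d{3}) ')
FAILURE_STATUSES = {"401", "403", "404"}  # assumption: what counts as a "failure"


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the request that first crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not well-formed requests
        ip, stamp, status = m.groups()
        if status not in FAILURE_STATUSES:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > findtime:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            offenders.setdefault(ip, when)
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

Only 203.0.113.7 is reported: the visitor with a single missing favicon and the client whose three 404s are spread over half an hour both stay under the threshold. The sketch only reports; applying and expiring the actual firewall ban is what a tool like fail2ban adds on top.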