Dear all forumer,
I had installed OPNSense version 22 to my latest Dell Inspiron 3020 desktop, after few hours all my settings get mess up already.
I had disable ssh remote login services.
This is the sign of hacked by someone. How they could do it? I don't understand. Please enlighten me. Thanks.
HAHAHAHAHAHAHAHAHAHAHAHAHAHAAHHAHA
You gotta be kidding us.....
Peter, this isn't much to go by. Do you have more specifics of what happened and what settings got messed up?
These are the three settings that I remember:
I enable the DHCP server to serve specific Mac address - - deny unknown clients but the check box is unchecked
Lan unable to browse internet need reset to factory defaults
I can observe that they open multiple console by pressing Alt + F2/F3 etc
No SSH login enabled
Limited open port
Please provide some guidance to me how to further harden my opnsense box. Appreciate your help. Thanks
Quote from: peterwkc on May 25, 2022, 01:54:50 PM
I can observe that they open multiple console by pressing Alt + F2/F3 etc
So somebody had physical access to your OPNsense box?
No my ISP doesn't have physical access to my opnsense box. I try to limit the console by edit the /etc/ttys but it will restore to default after reboot.
What is serial console??
How to further protect the console???
Usually you can close and lock the door of a server rack or server room. However, I'm unsure what "I can observe that they open multiple console" means. Are they OPEN or have they been USED? Because there is such a thing as auto-login you can enable from the GUI...
Cheers,
Franco
Where to disable the auto login from GUI??
Thanks for your help..
System: Settings: Administration: Password protect the console menu, but it's on by default for exactly this reason. ;)
Cheers,
Franco
Anyone have idea how my ISP hacked me??
Questions
1. How to enforce no remote terminal is use?
2. How to further harden the IPS??
Please help. Thanks
What experience do you have in setting up firewalls and routers?
This may help us to answer your questions...