2022-12-14T01:08:48-06:00 Error lighttpd (connections.c.716) invalid request-line -> sending Status 400 (89.248.165.2**)
2022-12-13T23:15:53-06:00 Error lighttpd (mod_openssl.c.3281) SSL: 1 error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share (202.95.12.***)
2022-12-13T23:15:43-06:00 Error lighttpd (mod_openssl.c.3281) SSL: 1 error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher (202.95.12.***)
2022-12-13T23:15:01-06:00 Error lighttpd (mod_openssl.c.3281) SSL: 1 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (202.95.12.***)
I see these everyday, are they attempts to log in? What are these?
Thanks
Quotesee these everyday, are they attempts to log in?
they attempts to connect (with different tls errors). but if the gui wan-access is unrestricted they definitely will try to login someday ;)
Thanks for the reply; I have Zenarmor. I was going to add them to black list. Wast of time?
Are these attempts on your WAN to your firewall UI? A scary thought. Did you do it on purpose, exposing the UI to the open internet?
Just reading log file web gui. I have Error lighttpd (connections.c.716) invalid request-line -> sending Status 400 (104.248.230.**) about 30 times yesterday. As far as I no I have nothing open to wan
I guess you didn't get the question but I imagine you didn't enable it on purpose. So check:
System > Settings > Administration. Web GUI section. Listen interfaces:
If you don't need to enable the GUI on the WAN, then unselect it from the drop down list.
If you have a firewall rules misconfiguration that allows to reach the interface, at least by the action above, there isn't much any break-in attempts can do.
Thanks for the info! After locking myself out for quit a while, wan is no longer selected ;D