Topic: Please advise have to worry about this? (Read 4042 times)
Julien (Hero Member; Posts: 666; Karma: 33)
Please advise have to worry about this? « on: November 22, 2021, 10:53:33 pm »
Hi Guy,
I have configured the IDS; I haven't seen any alert for a long time.
Today I was looking and found those two.
Is this something I have to worry about? Change the alert to Drop?
Alert
Code:
ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body
Thank you
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
FullyBorked (Sr. Member; Posts: 343; Karma: 24)
Re: Please advise have to worry about this? « Reply #1 on: November 23, 2021, 03:01:02 am »
Might be worth being somewhat concerned about. Esp. since it originated externally. Looking up that IP doesn't show a lot of info, but it does look like it's hitting others' IDSs as well.
See OTX evaluation here - https://otx.alienvault.com/indicator/ip/180.188.248.230
If you are exposing port 80/443 to the internet I'd def be in IPS mode to block traffic. You can always back it back down if you block legit traffic. Harder to remove a bad actor if they make it in. My gut feeling is it's just someone's script knocking on your web server's door to see if it's open. But I can't say for sure with only an IDS entry.
Julien (Hero Member; Posts: 666; Karma: 33)
Re: Please advise have to worry about this? « Reply #2 on: November 23, 2021, 09:23:04 pm »
Thank you for your answer.
We don't have port 80 exposed to the net, I believe only port is open which is redirected to the 443.
We are using IPS mode and Promiscuous mode.
This internal server is an Ubuntu doing some webserver and has fail2ban options enabled.
Today I checked the alerts again and there is something similar.
« Last Edit: November 23, 2021, 09:38:28 pm by Julien »
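Added example, not part of any post in this thread: Reply #1 notes that an IDS entry alone cannot settle whether the request mattered, so this sketch triages Suricata EVE JSON alert records for the quoted signature by combining the alert action with the HTTP status the server returned. The record layout (`event_type`, `src_ip`, `alert.action`, `alert.signature`, `http.status`) is assumed to be standard EVE output; the sample records, addresses and the names `_rec`, `classify` and `triage` are constructed for illustration.

```python
import json

SIG = "ET WEB_SERVER 401TRG Generic Webshell Request - POST with wget in body"

def _rec(src, action, status=None, sig=SIG):
    """Build one constructed EVE alert line (sample data, not from the thread)."""
    rec = {"event_type": "alert", "src_ip": src, "dest_ip": "192.0.2.10",
           "dest_port": 80, "alert": {"action": action, "signature": sig}}
    if status is not None:
        rec["http"] = {"http_method": "POST", "url": "/", "status": status}
    return json.dumps(rec)

SAMPLE_EVE = "\n".join([
    _rec("203.0.113.7", "allowed", 404),
    _rec("203.0.113.7", "allowed", 200),
    _rec("198.51.100.23", "blocked"),
    _rec("198.51.100.99", "allowed", 301),
    "{truncated line",
    json.dumps({"event_type": "flow", "src_ip": "203.0.113.7"}),
])

SEVERITY = ["blocked", "not-served", "no-http-record", "investigate"]  # low -> high

def classify(event):
    """Map one alert to a triage verdict using action and HTTP response status."""
    if event["alert"].get("action") == "blocked":
        return "blocked"            # IPS dropped it before the server answered
    status = event.get("http", {}).get("status")
    if status is None:
        return "no-http-record"     # cannot tell how the server answered
    if 200 <= status < 300:
        return "investigate"        # server answered the request successfully
    return "not-served"             # redirect or error response

def triage(eve_text, signature=SIG):
    """Return {src_ip: most urgent verdict} for alerts matching the signature."""
    worst = {}
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
            alert = ev.get("alert", {}) if ev.get("event_type") == "alert" else {}
        except (json.JSONDecodeError, AttributeError):
            continue                # skip damaged or non-object lines
        if alert.get("signature") != signature:
            continue
        verdict, src = classify(ev), ev.get("src_ip", "unknown")
        prev = worst.get(src)
        if prev is None or SEVERITY.index(verdict) > SEVERITY.index(prev):
            worst[src] = verdict
    return worst
```

An `investigate` verdict only means the server returned a 2xx to the flagged request; the web server's own logs and file system still have to be checked to decide whether anything was executed.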