System: Log Files: Web GUI

[starfox101]

2022-12-14T01:08:48-06:00   Error   lighttpd   (connections.c.716) invalid request-line -> sending Status 400 (89.248.165.2**)   
2022-12-13T23:15:53-06:00   Error   lighttpd   (mod_openssl.c.3281) SSL: 1 error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share (202.95.12.***)   
2022-12-13T23:15:43-06:00   Error   lighttpd   (mod_openssl.c.3281) SSL: 1 error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher (202.95.12.***)   
2022-12-13T23:15:01-06:00   Error   lighttpd   (mod_openssl.c.3281) SSL: 1 error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (202.95.12.***)

I see these everyday, are they attempts to log in? What are these?

Thanks

[Fright]

see these everyday, are they attempts to log in?

they attempts to connect (with different tls errors). but if the gui wan-access is unrestricted they definitely will try to login someday  ;)

[starfox101]

Thanks for the reply; I have Zenarmor. I was going to add them to black list.  Wast of time?

[cookiemonster]

Are these attempts on your WAN to your firewall UI? A scary thought. Did you do it on purpose, exposing the UI to the open internet?

[starfox101]

Just reading log file web gui. I have Error   lighttpd   (connections.c.716) invalid request-line -> sending Status 400 (104.248.230.**) about 30 times yesterday. As far as I no I have nothing open to wan

[cookiemonster]

I guess you didn't get the question but I imagine you didn't enable it on purpose. So check:
System > Settings > Administration. Web GUI section. Listen interfaces:
If you don't need to enable the GUI on the WAN, then unselect it from the drop down list.

If you have a firewall rules misconfiguration that allows to reach the interface, at least by the action above, there isn't much any break-in attempts can do.

[starfox101]

Thanks for the info! After locking myself out for quit a while, wan is no longer selected  ;D