anyone ever see a strange login in your log file?

LyndMc
Posts: 41
Joined: Mon Jan 20, 2020 1:12 am
Location: Pittsburgh, PA


Post by LyndMc »

Almost every day I see attempts to hit my server, Xfinity blocks them and I have Norton running in addition to the Xfinity protection. Almost every one is from out of the US, but there is an occasional US attempt. I only have one user configured in my BI5...me. The other day I looked at the login file and I see a user that I don't recognize. I deleted the user and permanently blocked it, should I be concerned? Does that mean that they successfully logged onto my cameras? I should have screen captured the name, it looked suspicious. I'll continue to monitor that file and see if anything pops up again.
HeneryH
Posts: 688
Joined: Thu Jul 18, 2019 2:50 pm

Re: anyone ever see a strange login in your log file?

Post by HeneryH »

If someone actually created a user on your BI system that would be very very bad.

Alternatively, I see lots and lots of attempts to log in and it is unclear from the log that the attempt actually failed and zero bytes transferred.
LyndMc
Posts: 41
Joined: Mon Jan 20, 2020 1:12 am
Location: Pittsburgh, PA

Re: anyone ever see a strange login in your log file?

Post by LyndMc »

HeneryH, I’m not sure what to think about what I saw, I should have looked closer before I deleted and blocked it. It did however show up in the log file, I’m not sure if that’s confirmation that someone was actually in, or if that was just the user name that someone used as they tried to log in 🤷‍♂️. I do seem to recall that it said 0 bits in the log.

The 0 bit thing is one thing, but that makes me think that someone actually got through Xfinity and Norton to be able to even get that far. Does that mean they could browse around on my network and other devices??? 😩
HeneryH
Posts: 688
Joined: Thu Jul 18, 2019 2:50 pm

Re: anyone ever see a strange login in your log file?

Post by HeneryH »

Getting to the log-in screen and not being able to log in can be distressing but not really all that terrible. If you trust the log-in screen security.

After all, your Router and Norton have to let you in. If you want to block others you'll need to configure your router and Norton to somehow recognize you from the probing bad actors.

Some choose to require VPN to get in, others think that probing is not a catastrophe.

Your choice on how much hassle you want to deal with to prevent the probing.

I have clients who log in to see their assets so I don't want the extra hassle that a VPN would burden my clients with.
MikeBwca
Posts: 1076
Joined: Thu Jun 20, 2019 5:39 am

Re: anyone ever see a strange login in your log file?

Post by MikeBwca »

LyndMc wrote: Wed Jan 20, 2021 4:39 pm ...Xfinity blocks them and I have Norton running in addition to the Xfinity protection. ...
What protection does Xfinity give you over Norton? Or, are you referring to the Xfinity modem/router?
LyndMc
Posts: 41
Joined: Mon Jan 20, 2020 1:12 am
Location: Pittsburgh, PA

Re: anyone ever see a strange login in your log file?

Post by LyndMc »

I have an Xfinity router that has some sort of protection. I get notifications that it blocked outside attempts and it gives me info on the IP address where it originated. I’ll try and screen capture the next warning that I get. It happens almost every day.
MikeBwca
Posts: 1076
Joined: Thu Jun 20, 2019 5:39 am

Re: anyone ever see a strange login in your log file?

Post by MikeBwca »

When I first enabled the BI Webserver, I was getting anywhere between a few and 50 login attempts to the Webserver - all failed.

BI Status/Connections will list the attempts and successful logins.

You can check the BI log - I would suggest making a copy of it. Otherwise you will get notified when it changes and asked if you want to update.

Use whatever pgm (I use Notepad++) to 'find all' on the following...
: Connected
: Login
: Logout
: AuthFailed

They will list the IP address and the UserID used to make the attempt.
The 'Connected' log entry is when a login attempt was made (I think).
The main one is 'Login'.
You'll typically see, Connected, Login, Logout with the duration.
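
The 'find all' search described in the post above, as an added example that is not part of the original post or of Blue Iris itself: it scans a copy of the log for the four markers, tallies them per source IPv4 address, and flags Login lines that name none of your expected accounts. The sample lines and their layout are constructed for illustration, and `triage` and `known_users` are hypothetical names.

```python
import re
from collections import Counter

# The four search strings quoted in the post (": Connected", ": Login", ...).
MARKER_RE = re.compile(r": (Connected|Login|Logout|AuthFailed)\b")
# IPv4 only; lines with no IPv4 address are grouped under "unknown".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(lines, known_users):
    """Tally marker events per source IP and collect Login lines that
    mention none of the expected account names."""
    per_ip = {}
    unexpected_logins = []
    for line in lines:
        marker = MARKER_RE.search(line)
        if not marker:
            continue  # camera events, status lines, etc.
        event = marker.group(1)
        ip = IPV4_RE.search(line)
        source = ip.group(0) if ip else "unknown"
        per_ip.setdefault(source, Counter())[event] += 1
        if event == "Login" and not any(
            re.search(r"\b%s\b" % re.escape(user), line, re.IGNORECASE)
            for user in known_users
        ):
            unexpected_logins.append(line.strip())
    return per_ip, unexpected_logins

# Constructed sample lines; the column layout is an assumption, not a real log.
SAMPLE = """\
0 1/05/2021 4:01:10 PM 203.0.113.7: Connected
2 1/05/2021 4:01:11 PM 203.0.113.7: AuthFailed: admin
0 1/05/2021 4:05:00 PM 192.168.1.20: Connected
0 1/05/2021 4:05:02 PM 192.168.1.20: Login: lynd
0 1/05/2021 4:09:30 PM 192.168.1.20: Logout: lynd
0 1/05/2021 4:39:00 PM 198.51.100.9: Connected
0 1/05/2021 4:39:02 PM 198.51.100.9: Login: support1
0 1/05/2021 4:40:00 PM Cam1: MOTION
""".splitlines()

if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE, known_users=["lynd"])
    for source, events in sorted(counts.items()):
        print(source, dict(events))
    print("Logins by unexpected users:")
    for entry in suspicious:
        print("  " + entry)
```

A Login line flagged here is the case that matters for the original question: AuthFailed entries are rejected probes, while a Login under an account you did not create means someone authenticated.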
atreyu
Posts: 56
Joined: Fri Nov 27, 2020 7:22 pm

Re: anyone ever see a strange login in your log file?

Post by atreyu »

Many things to consider here. First, I would be wary of exposing your computers behind your router to the internet unless you have a decent awareness of network security. Are you port forwarding to your BI computer or is it “on the internet” through its ipv6 address? I would suggest restricting the firewall rules passing through your router to the bare minimum required.

General wisdom is to not expose your home services to the internet unless you truly need remote access. If you do, doing a VPN into your home network then accessing it “internally” is preferred. Easier to lock down that well used and studied VPN service than BI and your desktop Windows computer. A little clunky as you have to turn it on when out-and-about. One counter argument could be that opens a door to full access to your network if VPN is ever compromised. But again, a compromised BI computer could lead to the same situation.

Last, if you do want to expose it to the internet, use a random port. It’s security through obscurity (i.e. not great), but it may reduce some of the attempts.
TimG
Posts: 2148
Joined: Tue Jun 18, 2019 10:45 am
Location: Nottinghamshire, UK.

Re: anyone ever see a strange login in your log file?

Post by TimG »

If you do, doing a VPN into your home network then accessing it “internally” is preferred.
I used to see a lot of attempts every day to log in to my BI system. I now run OpenVPN on my router, and closed the ports. Problem gone.
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
HeneryH
Posts: 688
Joined: Thu Jul 18, 2019 2:50 pm

Re: anyone ever see a strange login in your log file?

Post by HeneryH »

There are varying degrees of protection on a scale from "opening just the html port to the BI server" to a "full VPN."

It is just a matter of your comfort/nervous as to where you fall in that range. And there are things you can do in each solution to make it a little more secure.

I run BI on a machine behind an NGINX reverse proxy and have that reverse proxy accept 80 and 443 (80 gets routed to 443), https encrypt and connect to the BI machine.

Since my BI machine is pretty up to date with security I am comfortable exposing the web port.

Others may not be.