Jump to content

"Failed Login Attempt From Administrator"

gcoupe

By gcoupe
in General/Windows

 Share

Recommended Posts

gcoupe

gcoupe   63

Posted
Posted

I'm seeing about 50 of these messages in the Recent Activity list in the Dashboard over the past couple of days. They all come from the same external IP address - which turns out to be my public IP address.

 

What's going on here - I only ever access (knowingly) my MB3 server from clients running on my home (internal) network...

 

This seems to have started since installing Version 3.0.5395.0 of the server.

Link to comment
Share on other sites
ebr Emby Team

ebr   14918

Posted
Posted

Is "Administrator" an actual user on your server?

 

It may just be someone/thing that discovered your external IP address and is trying to crack in.

Link to comment
Share on other sites
gcoupe

gcoupe   63

Posted
  • Author
Posted

Is "Administrator" an actual user on your server?

 

It may just be someone/thing that discovered your external IP address and is trying to crack in.

Yes, "Administrator" is, er, the administration account...

Link to comment
Share on other sites
Deathsquirrel

Deathsquirrel   741

Posted
Posted

If you don't connect to MB from outside the network, close the port on your firewall.

 

If you want the port open, I suggest creating a new administrator account with a less predictable name, and setting it to not display on the login screen.  The names on the login screen should not have admin access.

Link to comment
Share on other sites
gcoupe

gcoupe   63

Posted
  • Author
Posted

Well, I suspect that the port is already closed, since, following a complete reinstall of the MB3 server last week, the Administrator account (in MB3) was not password protected at the time. The fact that the login attempts were failing points to the fact that the firewall was shielding attempts from the internet, does it not?

 

I've now turned on password protection in MB3 (whilst continuing to not require it for local network access).

Link to comment
Share on other sites
Sven

Sven   136

Posted
Posted

Well, I suspect that the port is already closed, since, following a complete reinstall of the MB3 server last week, the Administrator account (in MB3) was not password protected at the time. The fact that the login attempts were failing points to the fact that the firewall was shielding attempts from the internet, does it not?

 

I've now turned on password protection in MB3 (whilst continuing to not require it for local network access).

 

You can remove the password on your local network

 

5XjfID9.png

Link to comment
Share on other sites
Sven

Sven   136

Posted
Posted

That's what I meant by "whilst continuing to not require it for local network access" - I checked that box...

 

Sorry for that, It's maybe to early for me.... :)

Link to comment
Share on other sites
ebr Emby Team

ebr   14918

Posted
Posted

Just FYI - the port would have had to be open and routed properly or the message never would have been in the server.  So, best to be sure that password is there.

Link to comment
Share on other sites
gcoupe

gcoupe   63

Posted
  • Author
Posted

Just FYI - the port would have had to be open and routed properly or the message never would have been in the server.  So, best to be sure that password is there.

 

So, then why did the login attempt fail? If it was not password protected, surely the login would have succeeded?

Link to comment
Share on other sites
ebr Emby Team

ebr   14918

Posted
Posted

No because we now have stricter security than just a password.  The client being used to try and log in has to be authorized as well. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...