gcoupe 63 Posted October 11, 2014 Share Posted October 11, 2014 I'm seeing about 50 of these messages in the Recent Activity list in the Dashboard over the past couple of days. They all come from the same external IP address - which turns out to be my public IP address. What's going on here - I only ever access (knowingly) my MB3 server from clients running on my home (internal) network... This seems to have started since installing Version 3.0.5395.0 of the server. Link to comment Share on other sites More sharing options...
ebr 14960 Posted October 11, 2014 Share Posted October 11, 2014 Is "Administrator" an actual user on your server? It may just be someone/thing that discovered your external IP address and is trying to crack in. Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 11, 2014 Author Share Posted October 11, 2014 Is "Administrator" an actual user on your server? It may just be someone/thing that discovered your external IP address and is trying to crack in. Yes, "Administrator" is, er, the administration account... Link to comment Share on other sites More sharing options...
Deathsquirrel 741 Posted October 11, 2014 Share Posted October 11, 2014 If you don't connect to MB from outside the network, close the port on your firewall. If you want the port open, I suggest creating a new administrator account with a less predictable name, and setting it to not display on the login screen. The names on the login screen should not have admin access. Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 12, 2014 Author Share Posted October 12, 2014 Well, I suspect that the port is already closed, since, following a complete reinstall of the MB3 server last week, the Administrator account (in MB3) was not password protected at the time. The fact that the login attempts were failing points to the fact that the firewall was shielding attempts from the internet, does it not? I've now turned on password protection in MB3 (whilst continuing to not require it for local network access). Link to comment Share on other sites More sharing options...
Sven 136 Posted October 12, 2014 Share Posted October 12, 2014 Well, I suspect that the port is already closed, since, following a complete reinstall of the MB3 server last week, the Administrator account (in MB3) was not password protected at the time. The fact that the login attempts were failing points to the fact that the firewall was shielding attempts from the internet, does it not? I've now turned on password protection in MB3 (whilst continuing to not require it for local network access). You can remove the password on your local network Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 12, 2014 Author Share Posted October 12, 2014 That's what I meant by "whilst continuing to not require it for local network access" - I checked that box... Link to comment Share on other sites More sharing options...
Sven 136 Posted October 12, 2014 Share Posted October 12, 2014 That's what I meant by "whilst continuing to not require it for local network access" - I checked that box... Sorry for that, It's maybe to early for me.... Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 12, 2014 Author Share Posted October 12, 2014 No problems... Have a cup of coffee 1 Link to comment Share on other sites More sharing options...
ebr 14960 Posted October 12, 2014 Share Posted October 12, 2014 Just FYI - the port would have had to be open and routed properly or the message never would have been in the server. So, best to be sure that password is there. Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 12, 2014 Author Share Posted October 12, 2014 Just FYI - the port would have had to be open and routed properly or the message never would have been in the server. So, best to be sure that password is there. So, then why did the login attempt fail? If it was not password protected, surely the login would have succeeded? Link to comment Share on other sites More sharing options...
ebr 14960 Posted October 12, 2014 Share Posted October 12, 2014 No because we now have stricter security than just a password. The client being used to try and log in has to be authorized as well. Link to comment Share on other sites More sharing options...
gcoupe 63 Posted October 12, 2014 Author Share Posted October 12, 2014 OK - good to know... Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now