Was I being Hacked?

JT Strickland

Very Senior Member
I was doing a periodic check on my router, and saw there were 3 then 2 then 1 then 0 UNDEF users logged into my VPN server, and only one person, my accountant, is supposed to come in that door.
I checked my log, and it was filled with these, with varying addresses:

Sep 28 04:38:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS: Initial packet from [AF_INET]45.164.16.135:80 (via [AF_INET].xxx.xxx.xxx%eth0), sid=xxxxxxxx xxxxxxxx
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 TLS Error: TLS handshake failed
Sep 28 04:39:52 RT-AX86U-CB28 ovpn-server1[5343]: 45.164.16.135:80 SIGUSR1[soft,tls-error] received, client-instance restarting

I turned off access to the server, then turned off the server. Scared me, never have seen that before. About all of them were from port 5343, or I assume that's what that is, but the IP varied.
Am I got?
 

dev_null

Senior Member
It seems somebody found your port and is probing it. Everything is working as intended (TLS negotiation failed) because they didn't authenticate and weren't permitted a connection.

When this happened to me I switched external ports (to a higher port number).
 

JT Strickland

Very Senior Member
Thanks, I will try that. I knew that had "wrong" wrote all over it.
Knowing me, I probably posted that port number.
 
Last edited:

L&LD

Part of the Furniture
Don't trust accountants!
 

JT Strickland

Very Senior Member
You're using port 80. Tons of bots will scan ports 80/443, so that's a bad idea.
I thought I had changed that, but I will now!
I expected Skynet would catch it, but I suppose it didn't because they were coming in through openvpn.
 

ColinTaylor

Part of the Furniture
I thought I had changed that, but I will now!
You probably did. The port 80 shown in the log is the source port of the person connecting (which in itself is unusual). It's an easy mistake to make.
 

kernol

Very Senior Member

JT Strickland

Very Senior Member

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top