  1. #1
    Newbie
    Join Date: Jul 2021
    Posts: 2

    Untangle bruteforcing

    Hello,

    Is there a way to see logs if someone is trying to bruteforce GUI or SSH access?

    I know that I can login using ssh to the UT box and then check from auth.log but is this information somewhere in the UT GUI?

    BR
    Petri

  2. #2
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,175

    No, and if that's a concern you should simply modify your access rules to prevent that access entirely.

    There's a field in Config -> Administration where you can limit admin access to trusted addresses too.

    You can also configure an admin alert for when an admin login succeeds. You can do one for failures too... but I assume you like your sanity and prefer not to spam yourself.
    Last edited by sky-knight; 07-28-2021 at 07:49 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
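
A per-source summary of failed SSH logins, automating the auth.log check mentioned in the first post, as an added example that is not part of the original thread or Untangle's own code. It assumes stock OpenSSH "Failed password" syslog lines; the sample log, the hostname and the trusted 192.168.1.0/24 range are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH/syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 28 07:01:11 untangle sshd[2211]: Failed password for root from 203.0.113.45 port 51122 ssh2
Jul 28 07:01:13 untangle sshd[2211]: Failed password for root from 203.0.113.45 port 51122 ssh2
Jul 28 07:01:15 untangle sshd[2214]: Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
Jul 28 07:02:40 untangle sshd[2230]: Failed password for root from 192.168.1.77 port 40022 ssh2
Jul 28 07:02:42 untangle sshd[2230]: Failed password for root from 192.168.1.77 port 40022 ssh2
Jul 28 07:02:44 untangle sshd[2230]: Failed password for root from 192.168.1.77 port 40022 ssh2
Jul 28 07:03:05 untangle sshd[2241]: Accepted password for root from 192.168.1.10 port 40100 ssh2
Jul 28 07:04:19 untangle sshd[2250]: Failed password for root from 198.51.100.9 port 33910 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def is_trusted(ip, nets):
    """True if ip falls inside one of the trusted admin networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # sshd logged a hostname instead of an address
        return False
    return any(addr in net for net in nets)

def summarize(lines, trusted_cidrs, threshold=3):
    """Return [(ip, failures, users_tried, trusted)] for noisy sources."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    counts, users = Counter(), {}
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            counts[ip] += 1
            users.setdefault(ip, set()).add(user)
    return [(ip, n, sorted(users[ip]), is_trusted(ip, nets))
            for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n, names, trusted in summarize(SAMPLE_LOG.splitlines(), ["192.168.1.0/24"]):
        where = "inside" if trusted else "outside"
        print(f"{ip}: {n} failed logins for {names} ({where} trusted admin networks)")
```

Repeated failures from a source inside the trusted range are the case an address restriction alone does not cover, so those rows deserve the closest look.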

  3. #3
    Untangler jcoffin
    Join Date: Aug 2008
    Location: Sunnyvale, CA
    Posts: 9,700

    If SSH or HTTP(s) is open to the Internet, it's being hammered. It's the nature of the current Internet.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date: Jul 2021
    Posts: 2

    As per the comments I would assume that there is no way to see this in the GUI.

    Of course it will be hammered if exposed to the internet, but bruteforcing can happen from the internal network as well. The probability of this happening is of course low, but it is still possible, and if there are no logs or alerts to show that someone is trying, then it's kinda a security risk.

  5. #5
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,175

    Originally Posted by Nukkumatti:
        As per the comments I would assume that there is no way to see this in the GUI.

        Of course it will be hammered if exposed to the internet, but bruteforcing can happen from the internal network as well. The probability of this happening is of course low, but it is still possible, and if there are no logs or alerts to show that someone is trying, then it's kinda a security risk.

    Config -> Administration

    Look at the bottom of the page, you need the restrict administration subnets box.

    That should contain a CIDR list of authorized networks, or a simple comma separated list of trusted IP addresses that can administrate Untangle. Machines outside the configured list won't even see a login prompt.

  6. #6
    Untangler jcoffin
    Join Date: Aug 2008
    Location: Sunnyvale, CA
    Posts: 9,700

    Reports has attempted logins. /admin/index.do#reports?cat=administration&rep=admin-login-events

  7. #7
    Untangle Ninja sky-knight
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 26,175

    Originally Posted by jcoffin:
        Reports has attempted logins. /admin/index.do#reports?cat=administration&rep=admin-login-events

    I need to tattoo this on the inside of my eyelids, because I keep forgetting about it. What's dumb is I do use it...
