Community discussions

MikroTik App
 
Acerko
just joined
Topic Author
Posts: 9
Joined: Wed Jan 18, 2017 12:24 am

Login failture via FTP

Wed Jan 18, 2017 12:33 am

Hello 2all

Can somebody tell me is this virus in my netvork or somebody is so creative to trying these usernames to login?
I have this logs from diferent user on network, same situation.
jan/13 15:29:16 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:29:20 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:29:23 system,error,critical login failure for user Admin from 192.168.14
.253 via ftp 
jan/13 15:29:26 system,error,critical login failure for user Admin from 192.168.14
.253 via ftp 
jan/13 15:29:30 system,error,critical login failure for user Administrator from 19
2.168.14.253 via ftp 
jan/13 15:29:33 system,error,critical login failure for user Administrator from 19
2.168.14.253 via ftp 
jan/13 15:29:37 system,error,critical login failure for user administrator from 19
2.168.14.253 via ftp 
jan/13 15:29:40 system,error,critical login failure for user administrator from 19
2.168.14.253 via ftp 
jan/13 15:29:43 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:29:47 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:29:50 system,error,critical login failure for user Admin from 192.168.14
.253 via ftp 
jan/13 15:29:54 system,error,critical login failure for user Admin from 192.168.14
.253 via ftp 
jan/13 15:29:57 system,error,critical login failure for user Administrator from 19
2.168.14.253 via ftp 
jan/13 15:30:00 system,error,critical login failure for user Administrator from 19
2.168.14.253 via ftp 
jan/13 15:30:04 system,error,critical login failure for user User from 192.168.14.
253 via ftp 
jan/13 15:30:07 system,error,critical login failure for user User from 192.168.14.
253 via ftp 
jan/13 15:30:11 system,error,critical login failure for user Username from 192.168
.14.253 via ftp 
jan/13 15:30:14 system,error,critical login failure for user adm from 192.168.14.2
53 via ftp 
jan/13 15:30:18 system,error,critical login failure for user admim from 192.168.14
.253 via ftp 
jan/13 15:30:21 system,error,critical login failure for user admin2 from 192.168.1
4.253 via ftp 
jan/13 15:30:24 system,error,critical login failure for user admin2 from 192.168.1
4.253 via ftp 
jan/13 15:30:28 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:31 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:35 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:38 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:41 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:45 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:48 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:52 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:55 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:30:58 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:02 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:05 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:09 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:12 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:15 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:19 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:22 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:26 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:29 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:33 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:36 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:39 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:43 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:46 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:50 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:31:53 system,error,critical login failure for user TMARDLKT93319 from 19
2.168.14.253 via ftp 
jan/13 15:31:56 system,error,critical login failure for user ZXDSL from 192.168.14
.253 via ftp 
jan/13 15:32:00 system,error,critical login failure for user DXDSL from 192.168.14
.253 via ftp 
jan/13 15:32:03 system,error,critical login failure for user ADSL from 192.168.14.
253 via ftp 
jan/13 15:32:07 system,error,critical login failure for user comcast from 192.168.
14.253 via ftp 
jan/13 15:32:10 system,error,critical login failure for user cusadmin from 192.168
.14.253 via ftp 
jan/13 15:32:13 system,error,critical login failure for user customer from 192.168
.14.253 via ftp 
jan/13 15:32:17 system,error,critical login failure for user login from 192.168.14
.253 via ftp 
jan/13 15:32:20 system,error,critical login failure for user login from 192.168.14
.253 via ftp 
jan/13 15:32:24 system,error,critical login failure for user login from 192.168.14
.253 via ftp 
jan/13 15:32:27 system,error,critical login failure for user manager from 192.168.
14.253 via ftp 
jan/13 15:32:30 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:32:34 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:32:37 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:32:41 system,error,critical login failure for user smc from 192.168.14.2
53 via ftp 
jan/13 15:32:44 system,error,critical login failure for user support from 192.168.
14.253 via ftp 
jan/13 15:32:47 system,error,critical login failure for user sysadm from 192.168.1
4.253 via ftp 
jan/13 15:32:51 system,error,critical login failure for user user from 192.168.14.
253 via ftp 
jan/13 15:32:54 system,error,critical login failure for user user from 192.168.14.
253 via ftp 
jan/13 15:32:58 system,error,critical login failure for user user from 192.168.14.
253 via ftp 
jan/13 15:33:01 system,error,critical login failure for user 666666 from 192.168.1
4.253 via ftp 
jan/13 15:33:04 system,error,critical login failure for user 888888 from 192.168.1
4.253 via ftp 
jan/13 15:33:08 system,error,critical login failure for user Dinion from 192.168.1
4.253 via ftp 
jan/13 15:33:11 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:33:15 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:33:18 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:33:21 system,error,critical login failure for user admin1 from 192.168.1
4.253 via ftp 
jan/13 15:33:25 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:28 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:32 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:35 system,error,critical login failure for user service from 192.168.
14.253 via ftp 
jan/13 15:33:38 system,error,critical login failure for user supervisor from 192.1
68.14.253 via ftp 
jan/13 15:33:42 system,error,critical login failure for user ubnt from 192.168.14.
253 via ftp 
jan/13 15:33:45 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:49 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:52 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:55 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:33:59 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:34:02 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:34:06 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:34:09 system,error,critical login failure for user root from 192.168.14.
253 via ftp 
jan/13 15:34:13 system,error,critical login failure for user admin from 192.168.14
.253 via ftp 
jan/13 15:34:16 system,error,critical login failure for user root from 192.168.14.
253 via ftp
 
AlexeyIlinsky
newbie
Posts: 25
Joined: Fri Jan 20, 2017 8:34 am

Re: Login failture via FTP

Fri Jan 20, 2017 9:13 am

Disable ftp service if you don't use it or. Change its port in IP - Services to avoid your resources being wasted
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Login failture via FTP

Fri Jan 20, 2017 9:46 pm

Password guessing bots, it happens all the time. But usually they come from outside. If 192.168.14.253 is in your LAN, I'd be a little worried what happens there if I was you.
 
Acerko
just joined
Topic Author
Posts: 9
Joined: Wed Jan 18, 2017 12:24 am

Re: Login failture via FTP

Tue Jan 31, 2017 12:10 am

I blocked FTP, we will se what happening.

I think some users have some malware od scripts in backround that trying to log.

Why to be worried? You think they can crack my pass
 
Acerko
just joined
Topic Author
Posts: 9
Joined: Wed Jan 18, 2017 12:24 am

Re: Login failture via FTP

Tue Jan 31, 2017 12:12 am

And this IP is inside my network
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Login failture via FTP

Tue Jan 31, 2017 12:51 am

I have no idea what exactly is your network (you didn't say). But judging from used subnet, it looks like some LAN. And LANs often have devices without strict access rules, that can possibly be broken into, cause some more damage, etc. Infected machines in such LANs are generally not a good thing. It may not be a problem in your case, that's what you must/should know.
 
Acerko
just joined
Topic Author
Posts: 9
Joined: Wed Jan 18, 2017 12:24 am

Re: Login failture via FTP

Thu Feb 23, 2017 2:59 pm

Hello thank for answers,

my network is in student dorm, I have four subnets inside network (every floor one subnet: 192.168.11.0/24 first floor, 192.168.12.0/24 second floor, 192.168.13.0/24 thirth floor, 192.168.14.0/24 fourth floor), its lokal network users using network for share files, games and internet.

This problem solved when i dissable FTP service on my MikroTik.

I have another problem, tell me how to dissable users to download torrent, I have dissabled p2p bandwith, but you know students always find a way :)

They download files using simple method, disconect from my network, connect laptop to hotspot on mobile phone, start downloading torrent, then come back to my network and downloading continue without problem.

Anyone have same shituation? Help?
 
User avatar
skot
Long time Member
Long time Member
Posts: 584
Joined: Wed Nov 30, 2011 3:05 am

Re: Login failture via FTP

Fri Sep 01, 2017 9:52 pm

I recently had the same issue, and I believe it is Avast's Wi-Fi Inspector, which checks for threats on the network including default router passwords. The only way for Avast to test for this is to make brute force login attempts to the router.

According to this article:
Wi-Fi Inspector exposes the following vulnerabilities:
Weak or default passwords (for Wi-Fi and router administration)
Router firmware vulnerabilities (for most common vendors)
Initially I assumed it was a virus infection, as the offending machine was ridden with PUPs and adware. But then, during the following week, a few more computers on the network attempted to login using very similar patterns of usernames. However, multiple virus scans came up clean, which was concerning and implied network propagating malware that was hiding itself well. Then, for many months everything went quiet, until recently when new login attempts were made by a different computer.

After digging online, I found this Netgear thread which points to Avast as being the culprit.

I have not confirmed this in my case, but so far everything points in that direction.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Login failture via FTP

Sat Nov 18, 2017 7:35 pm

I have these "attacks" time to time from inner computers running avast too. I disabled the wifi inspector to see if it makes any difference...
 
bernicesmith
just joined
Posts: 1
Joined: Tue Jan 23, 2018 11:27 am

Re: Login failture via FTP

Tue Jan 23, 2018 12:10 pm

I was also facing this trouble and I go through the scanning method of the PC first. I scan it from spy hunter.

Who is online

Users browsing this forum: Ahrefs [Bot], BuckBuck, emunt6 and 67 guests