Hello
I’m not sure if it’s bug or I’m doing something wrong but it annoys me for quite a long time already. I have set up mail notifications for errors on router. And every single time I even open webfig or hit f5 to reload some counters my mailbox is getting spammed with “login failure for user admin from <pc I’m trying to log in from> via web” It gets even more annoying when I’m performing some bigger changes because it sends me dozens of mails as I need to reload website after every reboot or whatever. And my mailbox in the end looks like this lol:
I don’t even have user admin I removed it. It’s just some default webfig behavior. It’s awful. Can i do something about it? The same happens when I try to log in over ssh but change my mind and press ctrl+c. It’s not really failed attempt to log in. In best case it counts as port scanning but not failed login attempt, there was no attempt, I didn’t type any pass, never tried to get in. I assume all those “failed login attempts” use blank password as that’s what ROS has out of box and then WebFig logs in automatically. but can’t ROS filter out such attempts? Or those with ssh? Or at least distinguish them somehow so I could filter it out in logging regex. There’s quite HUUUUGE difference between failed login attempt with old password changed week ago or brute forcing dictionary passwords and just mindless auto-login attempt with blank pass which brings no useful info apart from spam in logs. For now I can’t even say which ones were auto login from WebFig and which (if any) were actual failed login. Well lets say in my case i can distinguish it by looking at user when there’s failed login attempt for my actual account then it’s suspicious but if i was using admin I couldn’t tell that in any way.