Hackers are attempting to access one of my systems via ssh
March 04, 2023 01:14PM
I have a network attached storage that is showing continuous (every 10 sec) failed attempts to log in. The short usernames appear to be Chinese but that can be a misdirection. And of course the IP addresses are from all over the world if I try to look them up.

What I'm unsure about is knowing, as much as I can, what is happening. The notification when I log in to the web UI for this NAS is "user wangx failed login attempt ssh/sftp". It's a Linux-based OS on the NAS and I can access it using ssh user/pass on the intranet or https web via NGINX.

I'm not sure how exactly to interpret what is actually happening at the NAS so I thought I could look at my nginx config for this route and determine what the config blocks or allows.

I'm not an IT person, I did not install NGINX or set it up. My IT person has left so I'm left to deal with this situation.

Based on the following config, can you help me understand what access attempts would be blocked or what access attempts would be forwarded, or both?


```
...sites-enabled$ more <file named similar to subdomain>
# Port 80: redirect every plain-HTTP request to HTTPS
server {
    listen 80;
    server_name <subdomain url>;
    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS and proxy requests to the NAS on port 8080
server {
    listen 443 ssl http2;
    server_name <subdomain url>;
    ssl_certificate <key file path>;
    ssl_certificate_key <key file path>;

    location / {
        proxy_pass http://<NAS IP>:8080;
        proxy_cache off;
        http2_push_preload on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header Upgrade $http_upgrade;
        # $connection_upgrade is not built in; it must be defined by a map block elsewhere (not shown)
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Thanks



Edited 1 time(s). Last edit at 03/04/2023 01:18PM by timbopoise.