Question

Bad gateway hack help

I was running rocket.chat and everything was fine but then I got a bad gateway message on my site.

I checked and the status was active and green. But I got this message too “Received disconnect from IP ADDRESS #### port ####: Bye Bye [preauth] Disconnected from invalid user NAME IP ADDRESS #### port #### [preauth]

And this goes on and on. Any help is very much appreciated !!!

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hi @workshopdebate,

It is likely that the attacker is using some custom code to brute-force the server which is ending up in malformed authentication requests being sent, resulting in the server killing the connection. So from the code it appears they are in fact trying to login, but the server doesn’t like how they’re attempting that.

As such, these log entries aren’t anything to worry about unless you think you are likely to be a targeted victim for any reason (in which case you should be taking extra precautions such as refusing password-based logins).

Anyway, I’ll suggest you install fail2ban or any other service that helps you with such attempts.

Regards, KFSys