I was running rocket.chat and everything was fine but then I got a bad gateway message on my site.
I checked and the status was active and green. But I got this message too “Received disconnect from IP ADDRESS #### port ####: Bye Bye [preauth] Disconnected from invalid user NAME IP ADDRESS #### port #### [preauth]
And this goes on and on. Any help is very much appreciated !!!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi @workshopdebate,
It is likely that the attacker is using some custom code to brute-force the server which is ending up in malformed authentication requests being sent, resulting in the server killing the connection. So from the code it appears they are in fact trying to login, but the server doesn’t like how they’re attempting that.
As such, these log entries aren’t anything to worry about unless you think you are likely to be a targeted victim for any reason (in which case you should be taking extra precautions such as refusing password-based logins).
Anyway, I’ll suggest you install fail2ban or any other service that helps you with such attempts.
Regards, KFSys
