I logged into my access server's admin web interface and clicked on current users.
I saw an IP from Sweden that's been reported for abuse hundreds of time.
The name was given as UNDEF and I don't believe it was given a VPN IP, at least I can't recall seeing one, and it was only connected for 30 seconds, around as long as I was logged in.
I clicked block but decided not to but by the time it refreshed it was already gone.
Should I be concerned?
From what I've read the UNDEF signifies the IP wasn't able to get into the access server.
Looking at the logs all connections are from legitimate users.
I watched the current users section for a few minutes and didn't see it happen again.
If it was something serious and someone has hacked my server what can be done to lock it down further?
All accounts have strong passwords and the server it's hosted on is locked down as much as I could.
I'm more concerned about what noticing the UNDEF user means and if I was hacked.
2 posts • Page 1 of 1