Hello, I had a problem this afternoon where my server received several error messages in the log, probably caused by a hacker scan. What do you recommend to prevent these types of issues?
It caused a huge slowdown on the server.
Here’s just a snippet of the log
2025-08-26 16:19:37 INFO: [T4cfb30ac: iotm < 176.46.158.61] 0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000
2025-08-26 16:19:38 INFO: [T48842dbe] id: 869412076904330, time: 2025-08-26 16:08:56, lat: -23.45760, lon: -47.46951, course: 268.0
2025-08-26 16:19:40 INFO: [Tc7ab0a0f] connected
2025-08-26 16:19:40 INFO: [Tc7ab0a0f: tramigo < 176.46.158.61] 0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000
2025-08-26 16:19:40 WARN: [Tc7ab0a0f] error - readerIndex(0) + length(1) exceeds writerIndex(0): UnpooledSlicedByteBuf(ridx: 0, widx: 0, cap: 0/0, unwrapped: AdaptivePoolingAllocator$AdaptiveByteBuf(ridx: 0, widx: 47, cap: 2048)) - IndexOutOfBoundsException (... < TramigoProtocolDecoder:56 < ExtendedObjectDecoder:73 < ... < WrapperContext:102 < ... < WrapperInboundHandler:56 < ...)
2025-08-26 16:19:40 WARN: [Tc7ab0a0f] error - TramigoFrameDecoder.decode() did not read anything but decoded a message. - DecoderException (... < WrapperInboundHandler:56 < ... < StandardLoggingHandler:62 < ... < NetworkMessageHandler:36 < ...)
2025-08-26 16:19:40 WARN: [Tc7ab0a0f] error - ClassCastException
2025-08-26 16:19:40 INFO: [Tc7ab0a0f] disconnected
2025-08-26 16:19:40 WARN: [Tc7ab0a0f] error - TramigoFrameDecoder.decode() did not read anything but decoded a message. - DecoderException (... < WrapperInboundHandler:50 < ... < OpenChannelHandler:38 < ...)
2025-08-26 16:19:40 INFO: [Tf6f3ec5b] connected
2025-08-26 16:19:40 INFO: [Tf6f3ec5b: autotrack < 176.46.158.61] 0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000
2025-08-26 16:19:41 INFO: [T8f5419e4] connected
2025-08-26 16:19:41 INFO: [T8f5419e4: mobilogix < 176.46.158.61] 0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000
2025-08-26 16:19:42 INFO: [Tef4820e9] connected
Close ports that you don't use.
Maybe a Fail2Ban filter and rule?
Hello, I had a problem this afternoon where my server received several error messages in the log, probably caused by a hacker scan. What do you recommend to prevent these types of issues?
It caused a huge slowdown on the server.
Here’s just a snippet of the log