Votes:
After I've began to monitor a APC's Network Management Card for a Smart-UPS I'm receiving frequent messages in the UPS's software:
"Detected an unauthorized user attempting to access the FTP interface from 192.168.100.1." (The actual IP Address of the PRTG Probe)
Why does this happen and how to stop it?
Created on Jun 23, 2015 6:56:38 AM by
Last change on Jun 23, 2015 7:01:46 AM by
7 Replies
Votes:
Depending of the settings used for the Auto-Discovery you may end up with a FTP Sensor, in that case PRTG will try to access the FTP on every scan interval, without proper Credentials configured in the Sensor's Settings you may get this sort of message.
Solution: Either configure the proper credentials on the sensor or remove/pause the FTP Sensor if it's not required.
Created on Jun 23, 2015 7:00:01 AM by
Last change on Feb 10, 2017 8:37:08 AM by
Votes:
I am also getting same error . Also I am getting another message as below
| Detected an unauthorized user attempting to access the FTP interface from 10.x.x.x |
| Detected an unauthorized user attempting to access the control console interface from 10.x.x.x |
How can I resolve this .
Could you please provide steps
Last change on Feb 10, 2017 8:36:06 AM by
Votes:
Hello @sharonjose,
thank you for your reply/post.
Please refer to solution suggested here: Best Answer
Best Regards,
Luciano Lingnau [Paessler Support]
Created on Feb 10, 2017 8:36:58 AM by
Votes:
Hello, I am getting the same message from the APC UPS except it says SNMP instead of FTP. I do have correct SNMP credentials and I can monitor the APC UPS via SNMP Library Sensor. I receive this message over 20 times a day.
The exact message is:
| Detected an unauthorized user attempting to access the SNMP interface from xxx.xxx.xxx.xxx |
Please advice.
Jose Pineda
Last change on Aug 24, 2017 7:24:25 AM by
Votes:
Hello Jose,
thank you for your reply.
If the xxx.xxx.xxx.xxx address belongs to PRTG (or a PRTG Probe), search for the device's address in PRTG, the device may be deployed more than once and may be attempting to use incorrect credentials.
If you have an auto-discovery group that will scan that range it could also cause this message if the group doesn't have the correct SNMP Credentials set.
Best Regards,
Luciano Lingnau [Paessler Support]
Created on Aug 23, 2017 7:08:27 AM by
Votes:
Hello Jose,
thank you for your reply.
I can't think of any reason why the Fortinet would poll the APC using SNMP. Essentially both devices support SNMP as an "agent/monitored device". They can have different SNMP communities, that's not a problem and the Fortigate shouldn't be polling the device (I even doubt it has the capabilities to do so).
Could it be that you're seeing this connection as coming from the Fortinet because of an inbound NAT which masquerades the real IP of the device trying to poll the APC? You may want to set-up a "Filter" or "Live View" (if the Fortigate has something like this) to view all port 161 traffic on the firewall (to see the source interface if it's coming from somewhere else)
Lastly, you could also pause the "Root" element of your PRTG for a couple of minutes to check if the messages continue or stop. This will tell you if PRTG is involved in any way.
Best Regards,
Luciano Lingnau [Paessler Support]
Created on Aug 24, 2017 7:28:16 AM by
Add comment