Baza wiedzy
AVM Content
FRITZ!Box reports "Login by user [...] failed"
The event log of the FRITZ!Box displays messages about failed access attempts from unknown users with unknown IP addresses at regular intervals:
- "Login of user [...] to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
- "Login of user admin to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
Note:All instructions on configuration and settings given in this guide refer to the FRITZ!Box 6820 LTE v2, v3, and v4 with the latest FRITZ!OS, the FRITZ!Box 6820 LTE v1 may vary.
1 Messages do not mean there is a security threat
The FRITZ!Box logs successful as well as failed attempts to log in to the FRITZ!Box using the HTTPS protocol.
The failed login attempts are usually automated access attempts from unknown remote sites on the internet, using common usernames and passwords. However, these could also be failed access attempts made by family members or roommates, or access attempts from older FRITZ!App installations with expired login credentials (for example on a child's smartphone).
These login attempts were not successful. The FRITZ!Box or devices in the home network could not be accessed.
Even though reports of abuse from abroad often do not bring any results and it is not always possible to determine the owner of an IP address, it is advisable to report repeated login attempts from unknown IP addresses to the owner of the IP address.
You can use the IP WHOIS Lookup to determine the owner of an IP address, for example. Normally reports of abuse can be submitted to the owner of the IP address by sending an email to abuse@domainname.xyz.
2 Blocking IP addresses
If the unsuccessful login attempts always come from the same foreign IP address and the owner of the IP address does not respond to reports of abuse, you can also configure the FRITZ!Box so that it rejects all requests from this IP address:
- Click "Internet" in the FRITZ!Box user interface.
- Click "Filter" in the "Internet" menu.
- Click on the "Lists" tab.
- In the "IP Blocking Lists" section, click on the "edit" link next to the list "Blocked IP addresses".
- Enter the IP addresses from which connections to the FRITZ!Box are to be rejected.
Note:If you want to block several IP addresses, separate the individual addresses with a space or line break. You can enter up to 64 IP addresses.
- Click "Apply" to save the list.
3 Tips for additional security
To make it more difficult for unauthorized persons to access your FRITZ!Box via the internet and to minimize the potential for attack, observe the following security tips and adjust the settings of your FRITZ!Box, if necessary:
Installing the latest FRITZ!OS
- Install the latest FRITZ!OS on the FRITZ!Box.
Disabling services that are no longer needed
- Click "Diagnostics" in the FRITZ!Box user interface.
- Click "Security" in the "Diagnostics" menu.
- In the "FRITZ!Box Services" section, check which services are set up for access from the internet in the FRITZ!Box.
- Disable the services that you no longer need.
Note:MyFRITZ!Net requires the service "Internet access to the FRITZ!Box (HTTPS)".
Using individual account information
- Click "System" in the FRITZ!Box user interface.
- Click "FRITZ!Box Users" in the "System" menu.
- Give all users unique usernames. Do not use usernames that are easy to guess, such as admin, guest, fritzbox, remote, or user.
- Give all users unique passwords that are strong enough. Do not use any passwords that are easy to guess or ones that you already use for other services, such as an email account, Amazon, Facebook, or Google.
Note:You can find information on strong passwords in our guide Everything you need to know about strong passwords, for example. A password manager like Bitwarden or KeePass can help you keep track of things while also generating cryptographically complex passwords.
Using an alternative HTTPS port
- Click "Internet" in the FRITZ!Box user interface.
- Click "Permit Access" in the "Internet" menu.
- Click on the "FRITZ!Box Services" tab.
- In the field "TCP port for HTTPS", enter an unused port from the range 1024 to 65535 instead of the default port 443. This makes it more difficult for unauthorized persons to determine whether it is even possible to access the FRITZ!Box via HTTPS.
- Click "Apply" to save the settings.
Setting up push service for logins to the FRITZ!Box
- Set up the "Change Notice" push service.
- Click the (Edit) button for the "Change Notice" push service.
- Enable the option "Inform about logins to the user interface".
- Click "Apply" to save the settings.