FRITZ!Box 7560 Service - Knowledge Base

FRITZ!Box 7560 Service

FRITZ!Box reports "Login by user [...] failed"

Messages about failed access attempts from unknown users with unknown IP addresses are regularly displayed in the event log of the FRITZ!Box:

  • "Login of user admin to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
  • "Login of user anonymous to the FRITZ!Box FTP service from the IP address[...] failed (incorrect user name or password)."
  • "Login of user [...] to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
  • "Login of user [...] to the FRITZ!Box FTP service from the IP address [...] failed (incorrect user name or password)."

1 Messages do not pose a security threat

Starting with FRITZ!OS 6.80, the FRITZ!Box logs successful as well as unsuccessful attempts to login to the FRITZ!Box using the standard protocols HTTPS and FTP/FTPS.

In the vast majority of cases, these unsuccessful attempts to login are automated login attempts from unknown remote sites on the Internet, using common user names and passwords. These login attempts were not successful. The FRITZ!Box or devices in the home network could not be accessed.

However, we still recommend that you check the following:

  • Disable unused services: Disable any services that you no longer use to access the FRITZ!Box from the Internet. In the user interface under "Diagnostics > Security" you can check which FRITZ!Box services are set up for access from the Internet. MyFRITZ! requires the service "Internet access to the FRITZ!Box (HTTPS)".
  • Use an alternative HTTPS port: If "Internet access to the FRITZ!Box via HTTPS" is enabled under "Internet > Permit Access > FRITZ!Box Services" in the user interface, enter a port other than the default port 443 for HTTPS connections; for example, select a port from the range 45000-65000. This makes it more difficult for unauthorized persons to determine whether it is at all possible to access the FRITZ!Box over HTTPS.
  • Use an alternative FTP/FTPS port: If "Internet access to your storage media via FTP/FTPS enabled" is enabled under "Internet > Permit Access > FRITZ!Box Services" in the user interface, enter a port other than the default port 21 for FTP connections; for example, select a port from the range 21000-23000. This makes it more difficult for unauthorized persons to determine whether it is possible at all to access the FRITZ!Box over FTP/FTPS.
  • Use unique user names: Do not use names that are easy to guess, such as admin, guest, fritzbox, remote, or user to access the FRITZ!Box from the Internet. Also avoid using brand names.
    • You can edit the names of FRITZ!Box users under "System > FRITZ!Box Users" in the user interface.

      Note:By default, the user "ftpuser" is not assigned the right "Access from the Internet allowed". If the settings for this user were not changed, then it cannot access the FRITZ!Box over the Internet.

  • Use unique passwords: Select strong passwords for Internet access to the FRITZ!Box. Do not use passwords that are easy to guess or passwords that you already use for other services, such as en e-mail account, Facebook, or Amazon.
    • You can edit the passwords of FRITZ!Box users under "System > FRITZ!Box Users" in the user interface.