Recommend:
To the knowledge base

FRITZ!Box reports "Login by user [...] failed"

The event log of the FRITZ!Box displays messages about failed access attempts from unknown users with unknown IP addresses at regular intervals:

  • "Login of user [...] to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
  • "Login of user [...] to the FRITZ!Box FTP service from the IP address [...] failed (incorrect username or password)."
  • "Login of user admin to the FRITZ!Box user interface from the IP address [...] failed (incorrect password)."
  • "Login of user anonymous to the FRITZ!Box FTP service from the IP address[...] failed (incorrect username or password)."

1 Messages do not mean there is a security threat

The FRITZ!Box logs successful as well as failed attempts to log in to the FRITZ!Box using the standard protocols HTTPS and FTP/FTPS.

The failed login attempts are usually automated access attempts from unknown remote sites on the internet, using common usernames and passwords. However, these could also be failed access attempts made by family members or roommates, or access attempts from older FRITZ!App installations with expired login credentials (for example on a child's smartphone).

These login attempts were not successful. The FRITZ!Box or devices in the home network could not be accessed.

Even though reports of abuse from foreign countries often do not bring any results and it is not always possible to determine the owner of an IP address, it is advisable to report repeated login attempts from unknown IP addresses to the owner of the IP address.

You can use the IP WHOIS Lookup to determine the owner of an IP address, for example. Normally reports of abuse can be submitted to the owner of the IP address by sending an email to abuse@domainname.xyz.

2 Tips for additional security

To make it more difficult for unauthorized persons to access your FRITZ!Box via the internet and to minimize the potential for attack, observe the following safety instructions and adjust the settings of your FRITZ!Box, if necessary:

Installing the latest FRITZ!OS

  1. Install the latest FRITZ!OS on the FRITZ!Box.

Disabling services that are no longer needed

  1. Click "Diagnostics" in the FRITZ!Box user interface.
  2. Click "Security" in the "Diagnostics" menu.
  3. In the "FRITZ!Box Services" section, check which services are set up for access from the internet in the FRITZ!Box.
  4. Disable the services that you no longer need.

    Note:MyFRITZ! requires the service "Internet access to the FRITZ!Box (HTTPS)".

Enabling additional confirmation

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Click on the "Additional Confirmation" tab.
  4. Enable the option "Extra confirmation to configure certain settings and functions (recommended)".
  5. Click "Apply" to save the settings.

Using unique usernames

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Give all users unique usernames. Do not use usernames that are easy to guess, such as admin, guest, fritzbox, remote, or user.

Using unique passwords

  1. Click "System" in the FRITZ!Box user interface.
  2. Click "FRITZ!Box Users" in the "System" menu.
  3. Give all users unique passwords that are strong enough. Do not use any passwords that are easy to guess or ones that you already use for other services, such as an email account, Amazon, Facebook, or Google.

    Note:You can find information on strong passwords from the National Institute of Standards and Technology and National Cyber Security Alliance (NCSA), for example. A password manager like Bitwarden or KeePass can help you keep track of things while also generating cryptographically complex passwords.

Using an alternative HTTPS port

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "FRITZ!Box Services" tab.
  4. In the field "TCP port for HTTPS", enter an unused port from the range 1024 to 65535 instead of the default port 443. This makes it more difficult for unauthorized persons to determine whether it is even possible to access the FRITZ!Box via HTTPS.
  5. Click "Apply" to save the settings.

Using an alternative FTP/FTPS port

  1. Click "Internet" in the FRITZ!Box user interface.
  2. Click "Permit Access" in the "Internet" menu.
  3. Click on the "FRITZ!Box Services" tab.
  4. If internet access to your storage media via FTP/FTPS is enabled, enter an unused port from the range 1024 to 65535 in the field "TCP Port for FTP/FTPS" instead of the default port 21. This makes it more difficult for unauthorized persons to determine whether it is even possible to access the FRITZ!Box via FTP/FTPS.
  5. Click "Apply" to save the settings.

Setting up push service for logins to the FRITZ!Box

  1. Set up the "Change Notice" push service.
  2. Click the (Edit) button for the "Change Notice" push service.
  3. Enable the option "Inform about logins to the user interface".
  4. Click "OK" to save the settings.