Issue: Random 2FA login screen appears whenever I try to access my services, I have not set up 2FA on my server. Still shows up even when I stop and remove Caddy container, maybe something went wrong on DuckDNS’s side?

Additional info: Server runs on Debian 12, I use DuckDNS and Caddy for reverse-proxy, and mainly use the server for Jellyfin, Nextcloud, Vaultwarden, and Komga all on Docker.

Have I been hacked? I stopped all the containers but should I also power off my machine? Any help would be appreciated, sorta panicking lol

https://preview.redd.it/k8wp4svjmzvb1.jpg?width=1905&format=pjpg&auto=webp&s=c76a891bd0540268ac11cd6e255eb5f960cc74f4

  • jonne@infosec.pubEnglish
    2·
    9 months ago

    Are you accessing it over DNS or through its IP address? Does it show for both?

    Edit: the security fabric login screen appears to be something from a Fortinet firewall. Do you have a hardware firewall?

  • buneech@alien.topBEnglish
    1·
    9 months ago

    Did your ip change and duckdns didn’t update? You’re probably getting someone else’s services, if they got your previous ip.

  • JVAV00@alien.topBEnglish
    1·
    9 months ago

    Isn’t this a fortinet firewall, I’ve used this in my class to learn about it