Getting the error `password authentication failed for user "postgres"` yet I can access the db using pgadmin?

Questions / Help
1

Hello everyone.

I restarted the machine for my postgresql app but I’m getting the password authentication failed error but I can still access the DB externally. The following is the logs

2023-01-01T03:25:48.079 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:48.077 UTC [1384] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:48.079 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:48.077 UTC [1384] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:25:49.293 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:49.290 UTC [1390] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:49.293 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:49.290 UTC [1390] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:25:51.143 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:51.141 UTC [1394] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:51.143 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:51.141 UTC [1394] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:25:54.996 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:54.990 UTC [1421] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:54.996 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:54.990 UTC [1421] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:25:57.801 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:57.799 UTC [1440] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:57.801 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:57.799 UTC [1440] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:25:58.569 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:58.567 UTC [1445] FATAL: password authentication failed for user "postgres"
2023-01-01T03:25:58.569 app[217810xxx] sin [info] keeper | 2023-01-01 03:25:58.567 UTC [1445] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"
2023-01-01T03:26:00.680 app[217810xxx] sin [info] keeper | 2023-01-01 03:26:00.678 UTC [1457] FATAL: password authentication failed for user "postgres"
2023-01-01T03:26:00.680 app[217810xxx] sin [info] keeper | 2023-01-01 03:26:00.678 UTC [1457] DETAIL: Connection matched pg_hba.conf line 8: "host all all ::0/0 md5"

I would like to know if this should be ignored as everything works anyways, or is this something I should fix, and how would I fix it. Thanks everyone.

2

Are you sure this log entry is related to your connection?
Maybe is an application with wrong credentials in a restart loop or something.

3

Hey, im having exactly the same thing.

This started happening once I made the DB “externally accessible” (by following this guide). I made it external using ipv4 because I was worried about compatibility if I made it ipv6.

I had something like this when my Database was hosted on Heroku too. I asked support at Heroku and they told me that its bots that are attacking it and theres nothing you can do about it.

It seems like there are bots that are continually scanning the entire ip4 address space looking for postgres instances and when they find one they just start trying to brute force the password.

Am I correct in thinking this or is there something else going on here?

4

That’s likely yes. There are bots scanning ipv4 ranges and trying all kinds of exploits and default / common passwords.

I wonder if requiring ssl would help at all. Bots tend to not bother with TLS.

5

I just changed the default user from “postgres” to something else so they are now getting “user not found” errors instead. Hopefully that will stop the bot from trying, will let you know.

7

This started happening once I made the DB “externally accessible”…

hey, i did the same thing! i’m marking this as a solution as this is the most likely reason why this is happening