Do you know what the following in syslog means?

Jan 30 00:24:34 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:34 AM hosted-by.rustelekom.net
Jan 30 00:24:34 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:34 AM zohar.warliter.com
Jan 30 00:24:34 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:34 AM xxx.xxx.xx.xx

The above log is written frequently so the capacity is often filled.
Did you install vino? It is remote desktop software. Perhaps configured incorrectly, or perhaps being opened (or attempted open) by those network addresses. Are you behind a firewall or router, or is your network exposed directly to the internet?

I wish that log was a tad more verbose. It’s unclear whether those are successful logins or blocked tries.

https://ubuntuforums.org/showthread.php?t=2362684

In any case, you might want to use a firewall as suggested in that article and restrict vnc access to your local network. gufw, which you can install with “sudo apt install gufw” is easy to use on the Nano. If you need a remote way in you could use a VPN. Many routers have VPN capability built in, or you could configure your own (eg. OpenVPN, wireguard).

Added note: This is something to worry about, and is not specific to the operating system or hardware. Even if your system is not being compromised, then it is a denial of service when the disk fills. Hopefully the attempts are not getting in (which is what @mdegans mentions as unknown based on the minimal logs). The firewall mentioned by @mdegans could be used to prevent the logs from filling up simply by preventing any attempt from reaching the port…no attack reaching the Nano implies no log on the attack (unless of course the firewall rule itself is told to log).

Linuxdev is right. Logs aside, if you expose a service to the internet, attempts will be made to access it. If there are no limits to those attempts, the likelihood of your system being compromised is high. Even if that’s just your Nano, that gives an attacker a point of ingress inside your network, which is bad.

If you do allow access to your Nano from the outside, I would recommend not using any sort of password authentication. If whatever service (eg, ssh) supports public key authentication, you will want to mandate that instead. (PubkeyAuthentication yes, PasswordAuthentication no) That way a password cannot be guessed. Instead, add a password to your key when you generate it. By default, SSH on the Nano (and Ubuntu) is set up to use password authentication and there are no limits on the number of repeated failed login attempts.

It doesn’t look like vnc specifically supports key pair authentication, but you can use ssh as a tunnel. Please see these articles on how to set it up:

https://www.techrepublic.com/article/how-to-connect-to-vnc-using-ssh/

Even with password authentication disabled, you can use gufw to set up rate limitations on the number of connection attempts for a given port (ufw limit …). Additionally, there are daemons (eg. psad, fail2ban) that will watch your logs and ban troublesome hosts automatically. However, ideally you want to stop this at your gateway, since parsing the log spam does burn a fair amount of cpu and typically gateways are optimized for this purpose.

If your gateway allows it, you might want to turn on some intrusion detection measures and/or ban incoming traffic from some entire countries.
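
Added example, not part of any post in this thread: a small tally of which remote names or addresses appear in the vino-server syslog entries and how often, split into LAN and non-LAN, to help decide what the firewall should deny. It assumes every entry has the shape of the three lines quoted in the question; the sample log is constructed, and the IP addresses in it are placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format quoted in the question (hostnames taken
# from the thread; the IP addresses are placeholders, not real peers).
SAMPLE = """\
Jan 30 00:24:34 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:34 AM hosted-by.rustelekom.net
Jan 30 00:24:34 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:34 AM zohar.warliter.com
Jan 30 00:24:35 my-desktop vino-server.desktop[3805]: 30/01/2020 12:24:35 AM 203.0.113.7
Jan 30 00:25:01 my-desktop vino-server.desktop[3805]: 30/01/2020 12:25:01 AM 192.168.1.20
Jan 30 00:25:02 my-desktop vino-server.desktop[3805]: 30/01/2020 12:25:02 AM hosted-by.rustelekom.net
Jan 30 00:25:03 my-desktop sshd[912]: unrelated line
"""

# Ranges treated as "local network" here (RFC 1918 plus loopback); adjust to your LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# syslog prefix, vino-server tag, vino's own date/time stamp, then the peer.
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\svino-server\S*\[\d+\]:\s"
    r"\d{2}/\d{2}/\d{4}\s[\d:]{8}\s[AP]M\s+(?P<peer>\S+)\s*$"
)

def is_local(peer):
    """True only for a literal IP address inside LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return False  # a hostname: counted as non-LAN, never resolved
    return any(ip in net for net in LOCAL_NETS)

def summarize(text):
    """Return (Counter of non-LAN peers, Counter of LAN peers)."""
    external, local = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a vino-server entry in the expected shape
        peer = m.group("peer").lower()
        (local if is_local(peer) else external)[peer] += 1
    return external, local

if __name__ == "__main__":
    ext, loc = summarize(SAMPLE)
    for peer, n in ext.most_common():
        print(f"{n:5d}  {peer}  (outside LAN)")
    print("LAN peers:", dict(loc))
```

To run it against a real log, pass the contents of /var/log/syslog to summarize() instead of SAMPLE.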