SpuddyUK

Posts posted by SpuddyUK

  1. I wasn't quite sure where to post this support request, here or in the support group for the docker container I believe is causing the issue.

     

    Every month or so, binhex-qbittorrentvpn causes problems and completely freezes my unraid web ui. Meaning I can no longer get into the unraid web ui at all. I can get into the CLI via SSH, but there are even some really strange things happening there too (htop won't load being one, diagnostics not being able to be collected being another).

     

    As soon as I send a command "docker stop binhex-qbittorrentvpn" the unraid webui will load. However, now binhex-qbittorrentvpn container continues to show running (docker stats, and unraid ui) but I cannot access the UI for the qbit application. If I try to kill the container in any way (unraid UI, cli, PID, pkill etc), it throws an error. The only way to return to a fully functioning server, with working qbittorrentvpn container for another ~month, is to hard reboot the server (server will not gracefully shutdown as it believes binhex-qbittorrentvpn is running, and it cannot end it).

     

    I even have a script to restart the qbit container every night at 12PM which I thought may help.

     

    Any ideas? Diags attached.

     

    Thanks!

    buzz-diagnostics-20231127-1117.zip

  2. @JorgeB

    This seems to have resolved it! I don't remember ever manually selecting all the disks and wasn't aware that unselecting all the tickboxes would mean they'd all be a part of the share (if that makes sense? UI could be better in that regard). I realise this is a corner case but would be great if a fix could creep into the next release.

    • Like 1
  3. I have a 16-disk array (inc 2x parity). One of my disks (disk 7, sdi) has been showing errors for about a week. I did the short SMART test which came back fine and took the disk out, connected to PC and ran Seagate diagnostics which came back fine.

     

    I think it's probably on its way out but is there any way I can be a bit more confident? Could it be something else like the connection from HBA to Backplane or similar?

     

    Thanks,

    buzz-diagnostics-20231006-1347.zip

  4. Hi,

    I'm struggling with high CPU load and server becoming unresponsive occasionally. Any ideas?

     

    I do have Sab do direct unpack (unpacking whilst downloading etc), might I need to CPU pin certain applications to prevent them making the system sluggish? Nothing writes to the array directly (Mover runs daily at 11AM), everything writes to 4TB NVME.

     

     

     

    buzz-diagnostics-20230724-1625.zip

    Screenshot 2023-07-24 162012.png

  5. My USB key was failing. I replaced it (followed official guide) and got the same "SyntaxError: Unexpected number in JSON at position 1" error when trying to replace the key. 

     

    I have logged a support case. My NAS is unusable for an indeterminate amount of time. Poor process that needs improving.

  6. 2 hours ago, Tigger30926 said:

    Hi everyone,
    I tried to install the update (2021.05.20) today and I only get this error.

     

    plugin: updating: dynamix.system.temp.plg
    plugin: run failed: /bin/bash retval: 1

     

    Can someone tell me how to solve this error?

    Thanks a lot

     


     

    Same issue here. @bonienl

  7. 3 minutes ago, GaryBellars said:

    Hi SpuddyUK, not port forwarding anything to my knowledge. I believe my password was just the default one

    I'm going to say you probably are forwarding http/https to the unraid host and that you didn't have a root password, i.e. anyone on the internet could access your unraid box.

  8. 11 minutes ago, limetech said:

     

    We limit logins processed by nginx in this manner:

     

    
    #
    # limit the amount of failed auth requests per IP address
    #
    limit_req_zone \$binary_remote_addr zone=authlimit:1m rate=30r/m;
    
    :
    
    location /login {
            allow all;
            limit_req zone=authlimit burst=20 nodelay;
            try_files /login.php =404;
            include fastcgi_params;
    }

     

     

    Absolutely not.  This feature has been in development for a long time and a lot of the delay in release, even for beta, has been around security concerns.

     

     

     

    We very much appreciate your feedback.

    Thanks for the considered response and for being open about it. Happy to take anything offline where helpful.

     

    Rate-limiting is a great tool to employ as part of a wider security hardening toolkit. Unfortunately, with botnets the above will do little to prevent a brute-force of root on a specific server. All those hundreds of thousands if not millions of IoT devices that have been compromised will do their business for them from individual IP addresses. Fail2Ban suffers similarly. This is why layers are so important.

     

    Let me be clear, I am a paid customer and enthusiast of unraid. I even quite like the features this offers in principle. However, my fear is that savvy users who require remote access have already arranged it with something like VPN, WireGuard or the like. We might be sweeping the rest along here into remote access with root and "rootpassword".

     

    Additionally, I would suggest some security auditing of the code/api if you haven't already done so. Better to pay someone to find potential routes to compromise than being held over a barrel. Bug bounty could be beneficial, free license/$500/xyz for each vulnerability rated x or above.

     

    I will keep an eye on this to see how it develops. 

     

    Thanks for engaging.

    • Like 1
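
The limitation described in the post above, as an added example that is not part of the original posts and is not Unraid's code: a simplified Python model of the quoted `limit_req` settings (rate=30r/m, burst=20, nodelay) run over constructed traffic, next to a hypothetical per-account counter that does see the distributed pattern. `PerIpLimiter`, `accepted`, `accounts_under_spray` and the `min_sources` threshold are assumptions made for the illustration.

```python
# Simplified model of nginx limit_req (leaky bucket, nodelay), keyed per client
# address as in the quoted config: rate=30r/m, burst=20. Units follow nginx:
# "excess" is in thousandths of a request, time in milliseconds.
from collections import defaultdict

RATE_MILLI_RPS = 500      # 30 requests/minute = 0.5 r/s
BURST_MILLI = 20 * 1000   # burst=20


class PerIpLimiter:
    def __init__(self):
        self.state = {}  # ip -> (excess, last_ms)

    def allow(self, ip, now_ms):
        if ip not in self.state:
            self.state[ip] = (0, now_ms)
            return True
        excess, last_ms = self.state[ip]
        excess = max(0, excess - RATE_MILLI_RPS * (now_ms - last_ms) // 1000 + 1000)
        if excess > BURST_MILLI:
            return False          # request rejected, stored state is kept
        self.state[ip] = (excess, now_ms)
        return True


def accepted(events):
    """Count login requests the per-IP limiter lets through."""
    limiter = PerIpLimiter()
    return sum(limiter.allow(ip, ts) for ip, ts in events)


def accounts_under_spray(failures, min_sources=50):
    """Hypothetical extra layer: flag accounts failing from many distinct IPs."""
    sources = defaultdict(set)
    for ip, user in failures:
        sources[user].add(ip)
    return {u: len(s) for u, s in sources.items() if len(s) >= min_sources}


# Constructed sample traffic (documentation address ranges, not real data).
single_source = [("198.51.100.7", 0)] * 100                      # 100 tries at once
many_sources = [(f"203.0.113.{i}", i * 10) for i in range(100)]  # 1 try per address

if __name__ == "__main__":
    print("one address, 100 requests  ->", accepted(single_source), "accepted")
    print("100 addresses, 1 each      ->", accepted(many_sources), "accepted")
    print(accounts_under_spray([(ip, "root") for ip, _ in many_sources]))
```

One address gets 21 of its 100 simultaneous requests through (the first plus the burst of 20), while 100 addresses sending one request each are all accepted; only the per-account view groups them.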
  9. 2 minutes ago, limetech said:

     

    That is correct.  If you enable Remote Access this requires a port-forward in your router.  You must use a strong webGUI password (or what @SpuddyUK calls a complex password) and consider using a non-standard external port.

     

     

    Perhaps you can shed some light on what would be sufficiently complex?

    Opinions differ but consensus is generally at least 12 characters to include all of the four categories of lower-case, upper-case, number(s) and symbol(s).

     

    Of course you can lead a horse to water but not make them drink, so there is a risk of Password01!!, so any logic around preventing those types of passwords would probably be helpful too. There are countless lists online of the 100 most used passwords that you might be able to reference and prevent being used/saved.
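
One way to implement the check described in the post above, as an added example that is not part of the original posts and is not Unraid's code: the 12-character, four-category rule plus a common-password lookup that still catches Password01!!. The `COMMON` set is a constructed stand-in for a published "most used passwords" list, and `LEET`, `base_word` and `policy_failures` are hypothetical names.

```python
import re

# Constructed stand-in for a "most used passwords" list; a real deployment
# would load a published list from a file.
COMMON = {"password", "qwerty", "letmein", "welcome", "admin", "unraid", "root"}

# Assumed character substitutions to undo before the lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

CLASSES = {
    "lower": r"[a-z]",
    "upper": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def base_word(password):
    """Lower-case, drop non-letters at both ends, undo simple substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def policy_failures(password, min_length=12):
    """Return the list of rules the password breaks (empty list = accepted)."""
    failures = []
    if len(password) < min_length:
        failures.append("length")
    failures += [name for name, pattern in CLASSES.items()
                 if not re.search(pattern, password)]
    # Complexity alone passes "Password01!!"; the base-word lookup does not.
    if base_word(password) in COMMON:
        failures.append("common")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("unraid", "Password01!!", "P@ssw0rd2024!!", "tR7#vq9!Lm2&xZ"):
        print(f"{candidate!r:20} -> {policy_failures(candidate) or 'accepted'}")
```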

  10. 3 minutes ago, repomanz said:

     


    Agree - it's a great step in the right direction. For future updates I'm hoping to see some further hardening.   Can someone explain the technical authentication details of how the remote access works? Is it my login, pass, 2fa token plus a unique generated ssh key? If those credentials fail what occurs? Block, Reject or hold the session open for a period of minutes?

    As I see it, 2FA is not required if you directly access https://yourhash.unraid.net, only if you log in via the forum.

  11. 12 minutes ago, jonathanm said:

    People have been opening up their Unraid servers and getting hacked for years. 

    only this time it's being actively endorsed by limetech. Maybe in addition to the 2fa for gui login and fail2ban for x failed login attempts, there might be a requisite for a complex root password to even enable "my servers".

     

    p.s I am a cyber security researcher.

     

    Hello lovely treasure trove of unraid servers to have a go at. This list is only going to increase as people enable the feature and search engines crawl.

    https://www.shodan.io/search?query=unraid.net