Ritzer

  1. Thanks, I was just wondering if I got exposed to some XSS attacks. I'm behind an external firewall but can't 100% trust the local network.
  2. Guys please, can someone check if they get the same logs in /Apps? Thanks
  3. Maybe give this one a try: https://hub.docker.com/r/bitnami/wordpress/ I'll test it out soon.
  4. Unfortunately I've tried but the Docker image is crap, it always forces port 80 no matter what, so it will force all your resources over port 80 even if you are browsing with HTTPS (upgrade from Caddy or Cloudflare Tunnels etc).
  5. I just installed this one and it seems to work so far:
  6. Every time I go to /Apps I can see a few console log messages: The origin of the logs seems to be this one: Why are these logs showing up? Have they been forgotten by the developer, is it a plugin or is the system compromised? Diagnostics here.
  7. @Kru-x Recently, for some reason WordPress does not show anymore for me when searching for apps, already posted it here. It was showing a few days ago. Were there any changes recently that make it incompatible or something? Kinda desperate...
  8. Diagnostics unraid-diagnostics-20240130-0009.zip
  9. Diagnostics unraid-diagnostics-20240130-0009.zip
  10. Looking at this video (minute 1:33) there's a search for WordPress, and this is the result: However... in my Unraid instance I cannot find it, why? I was able to see it a few days ago.
  11. Every time I go to /Apps I can see a few console log messages: The origin of the logs seems to be this one: Why are these logs showing up? Have they been forgotten by the developer, is it a plugin or is the system compromised?
  12. Attached the log with today's logs. unraid-diagnostics-20230410-2242.zip
  13. I also have to mention that during the time Unraid was exposed to the internet, the router had IPv6 DHCP enabled and if I reckon correctly I saw IPv6 in both Unraid and all dockers. Currently the router's IPv6 DHCP is turned off and the firewall is blocking incoming connections. I've also seen a lot of these errors in syslog.txt, are these normal?

      Apr 9 05:00:01 UNRAID move: move_object: //..c/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..r/...
      Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..f/...
      Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..f/...
      Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..h/...
      Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..h/...
      Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..4/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..4/...
      Apr 9 05:00:01 UNRAID move: move_object: //..4/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..g/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..g/...
      Apr 9 05:00:01 UNRAID move: move_object: //..g/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..t/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..t/...
      Apr 9 05:00:01 UNRAID move: move_object: //..t/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..r/...
      Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..p/...
      Apr 9 05:00:01 UNRAID move: move_object: //..p/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..d/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..d/...
      Apr 9 05:00:01 UNRAID move: move_object: //..d/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..n/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..n/...
      Apr 9 05:00:01 UNRAID move: move_object: //..n/... No such file or directory
      Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist.
      Apr 9 05:00:01 UNRAID move: file: //..p/...
  14. Due to a firewall misconfiguration, the Unraid system was exposed to the internet for a few weeks, meaning no port was filtered/blocked so everything was open wide. This caused one of my Docker images (qBittorrent) to get a crypto miner (xmrig). I found it out just because half of my CPU cores were running at 100%. Killed the xmrig process, it lived inside the qBittorrent's docker. Deleted qBittorrent's docker completely and set it up again together with the firewall. Attached the logs as I cannot find how the attacker did this. Another question is... what else could have been compromised? unraid-diagnostics-20230409-1648.7z