-
[Plug-In] Community Applications
Thanks, I was just wondering if I got exposed to some XSS attacks. I'm behind an external firewall but can't 100% trust the local network.
-
[Plug-In] Community Applications
-
[Support] kru-x - wordpress
Maybe give this one a try: https://hub.docker.com/r/bitnami/wordpress/ I'll test it out soon.
-
[Support] kru-x - wordpress
Unfortunately I've tried but the Docker image is crap, it always forces port 80 no matter what, so it will force all your resources over port 80 even if you are browsing with HTTPs (upgrade from Caddy or Cloudflare Tunnels etc).
-
[Support] kru-x - wordpress
-
[Plug-In] Community Applications
Every time I go to /Apps I can see few console log messages: The origin of the logs seems to be this one: Why are these logs showing up? Have they been forgotten by the developer, is it a plugin or is the system compromised? Diagnostics here.
-
[Support] kru-x - wordpress
@Kru-x Recently, for some reason Wordpress does not show anymore for me when searching for apps, already posted it here. It was showing a few days ago. Were there any changes recently that make it incompatible or something? Kinda desperate...
-
6.12.6 Strange console log messages
Diagnostics unraid-diagnostics-20240130-0009.zip
-
6.12.6 Can't find App
Diagnostics unraid-diagnostics-20240130-0009.zip
-
Ritzer started following Compromised system , 6.12.6 Can't find App and 6.12.6 Strange console log messages
-
6.12.6 Can't find App
Looking at this video (minute 1:33) there's a search for Wordpress, and this is the result: However... in my Unraid instance I cannot find it, why? I was able to see it few days ago.
-
6.12.6 Strange console log messages
Every time I go to /Apps I can see few console log messages: The origin of the logs seems to be this one: Why are these logs showing up? Have they been forgotten by the developer, is it a plugin or is the system compromised?
-
Compromised system
Did anyone check it?
-
Compromised system
Attached the log with today's logs. unraid-diagnostics-20230410-2242.zip
-
Compromised system
I also have to mention that during the time Unraid was exposed to the internet, the router had IP-V6 DHCP enabled and if I reckon correctly I seen IP-V6 in both Unraid and all dockers. Currently routers IP-V6 DHCP is turned off and firewall blocking incoming connections. I've also seen a lot of these errors in syslog.txt, are these normal? Apr 9 05:00:01 UNRAID move: move_object: //..c/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..r/... Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..f/... Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..f/... Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..h/... Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..h/... Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..4/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..4/... Apr 9 05:00:01 UNRAID move: move_object: //..4/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..g/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..g/... Apr 9 05:00:01 UNRAID move: move_object: //..g/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..t/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..t/... Apr 9 05:00:01 UNRAID move: move_object: //..t/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..r/... Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..p/... Apr 9 05:00:01 UNRAID move: move_object: //..p/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..d/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..d/... Apr 9 05:00:01 UNRAID move: move_object: //..d/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..n/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..n/... Apr 9 05:00:01 UNRAID move: move_object: //..n/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..p/...
-
Compromised system
Due to a firewall misconfiguration unraid System was exposed to the internet for few weeks, meaning no port was filtered/blocked so everything was open wide. This caused one of my Docker images (qBittorrent) to get a crypto miner (xmrig). I've found it out just because half of my cpu cores were running at 100%. Killed the xmrig process, it lived inside the qBittorrent's docker. Deleted qBittorrent's docker completely and set it up again together with the firewall. Attached the logs as I cannot find how did the attacker do this. Another question is... what else could have been compromised? unraid-diagnostics-20230409-1648.7z
Ritzer
Members
-
Joined
-
Last visited