Someone got in my back door... giggity


I was working on containers today when I noticed one that I didn't recognize.   A little digging revealed that someone recently created a container on my server without my knowledge and it was mining bitcoin and sending the data back to the hacker.  I have cut off the traffic on my firewall, but I'm really curious to know as to how the heck they got in.  Any ideas?  To be fair, I did have a non-standard port opened on the firewall for access to the admin page.


32 minutes ago, iamgadgetman said:

I did have a non-standard port opened on the firewall for access to the admin page.


32 minutes ago, iamgadgetman said:

how the heck they got in.

I believe you answered your own question. Once they have access to the Unraid GUI, they have complete control. You must secure any access with a VPN tunnel or something similar, i.e. TeamViewer or other secure remote access through another machine on the LAN.


@jonathanm I agree.  I had honestly forgotten that it was there lol.

@tjb_altf4 the only thing is that I didn't set up anything at that time, that I know of.  It won't even let me look at the console.


It's also oddly set up.


Take a look at the logs.  I eventually blocked the outbound TCP port, so I could keep the container without worrying about it getting out.


