Someone got in my back door... giggity



I was working on containers today when I noticed one that I didn't recognize.   A little digging revealed that someone recently created a container on my server without my knowledge and it was mining bitcoin and sending the data back to the hacker.  I have cut off the traffic on my firewall, but I'm really curious to know as to how the heck they got in.  Any ideas?  To be fair, I did have a non-standard port opened on the firewall for access to the admin page.


32 minutes ago, iamgadgetman said:

I did have a non-standard port opened on the firewall for access to the admin page.


32 minutes ago, iamgadgetman said:

how the heck they got in.

I believe you answered your own question. Once they have access to the Unraid GUI, they have complete control. You must secure any access with a VPN tunnel or something similar, i.e. TeamViewer or other secure remote access through another machine on the LAN.


@jonathanm I agree.  I had honestly forgotten that it was there lol.

@tjb_altf4 the only thing is that I didn't set up anything at that time, that I know of.  It won't even let me look at the console.


It's also oddly set up.


Take a look at the logs.  I eventually blocked the outbound TCP port, so I could keep the container without worrying about it getting out.



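Added example, not part of any post in this thread: a check that compares the Docker container inventory against a known-good list, so a container nobody set up (like the miner described above) is flagged as soon as it appears. The allowlist file format (`name<TAB>image`, one per line), the function name and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers that are not on a known-good allowlist.
# Real input would come from:
#   docker ps -a --format '{{.Names}}\t{{.Image}}\t{{.CreatedAt}}'
# Allowlist file (assumed format): one "name<TAB>image" pair per line.

TAB=$(printf '\t')

# find_unknown_containers ALLOWLIST_FILE  (inventory is read from stdin)
# Prints one "UNKNOWN" line per container whose name+image pair is not
# allowlisted. Matching on the pair also catches a known name that has
# been re-created from a different image.
find_unknown_containers() {
    allowlist=$1
    # "|| [ -n "$name" ]" keeps a final line that lacks a trailing newline.
    while IFS=$TAB read -r name image created || [ -n "$name" ]; do
        [ -n "$name" ] || continue          # skip blank lines
        # -F fixed string, -x whole line: no regex or substring surprises.
        if ! grep -Fxq -- "${name}${TAB}${image}" "$allowlist"; then
            printf 'UNKNOWN\t%s\t%s\t%s\n' "$name" "$image" "$created"
        fi
    done
}

# Demo on constructed data (no Docker needed): one expected container and
# one that nobody set up.
demo() {
    allow=$(mktemp)
    printf 'media-server\texample/media-server:1.0\n' > "$allow"
    printf '%s\n' \
        "media-server${TAB}example/media-server:1.0${TAB}2023-01-10 09:12:44 +0000 UTC" \
        "sys-update${TAB}example/unrecognized:latest${TAB}2023-03-02 03:41:07 +0000 UTC" |
        find_unknown_containers "$allow"
    rm -f "$allow"
}

demo
```

Run from cron with the real `docker ps` output piped in, any non-empty output is worth an alert; the `CreatedAt` column gives the starting point for correlating with firewall and web GUI access logs.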
