January 10, 20215 yr I was working on containers today when I noticed one that I didn't recognize. A little digging revealed that someone recently created a container on my server without my knowledge and it was mining bitcoin and sending the data back to the hacker. I have cut off the traffic on my firewall, but I'm really curious to know as to how the heck they got in. Any ideas? To be fair, I did have a non-standard port opened on the firewall for access to the admin page.
January 10, 20215 yr 32 minutes ago, iamgadgetman said: I did have a non-standard port opened on the firewall for access to the admin page. 32 minutes ago, iamgadgetman said: how the heck they got in. I believe you answered your own question. Once they have access to the Unraid GUI, they have complete control. You must secure any access with a VPN tunnel or something similar, i.e. teamviewer or other secure remote access through another machine on the LAN
January 11, 20215 yr 2 hours ago, iamgadgetman said: I was working on containers today when I noticed one that I didn't recognize. You probably created it yourself, if you omit a name it generates one for you https://github.com/moby/moby/blob/master/pkg/namesgenerator/names-generator.go
January 17, 20215 yr Author @jonathanm I agree. I had honestly forgotten that it was there lol. @tjb_altf4 the only thing is that I didn't set up anything at that time, that I know of. It won't even let me look at the console. It's also oddly set up. Take a look at the logs. I eventually blocked the outbound TCP port, so I could keep the container without worrying about it getting out. admiring_noyce.log.txt
Archived
This topic is now archived and is closed to further replies.