iamgadgetman Posted January 10, 2021
I was working on containers today when I noticed one that I didn't recognize. A little digging revealed that someone recently created a container on my server without my knowledge and it was mining bitcoin and sending the data back to the hacker. I have cut off the traffic on my firewall, but I'm really curious to know as to how the heck they got in. Any ideas? To be fair, I did have a non-standard port opened on the firewall for access to the admin page.

JonathanM Posted January 10, 2021
32 minutes ago, iamgadgetman said:
I did have a non-standard port opened on the firewall for access to the admin page.

32 minutes ago, iamgadgetman said:
how the heck they got in.

I believe you answered your own question. Once they have access to the Unraid GUI, they have complete control. You must secure any access with a VPN tunnel or something similar, i.e. TeamViewer or other secure remote access through another machine on the LAN.

tjb_altf4 Posted January 11, 2021
2 hours ago, iamgadgetman said:
I was working on containers today when I noticed one that I didn't recognize.

You probably created it yourself; if you omit a name, it generates one for you: https://github.com/moby/moby/blob/master/pkg/namesgenerator/names-generator.go

iamgadgetman Posted January 17, 2021
@jonathanm I agree. I had honestly forgotten that it was there lol. @tjb_altf4 the only thing is that I didn't set up anything at that time, that I know of. It won't even let me look at the console. It's also oddly set up. Take a look at the logs. I eventually blocked the outbound TCP port, so I could keep the container without worrying about it getting out.
admiring_noyce.log.txt
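
Added example, not written by any poster in this thread: a small inventory check that compares `docker ps -a --format '{{json .}}'` output against the containers you expect, and marks whether an unexpected container's name has the adjective_surname shape Docker assigns when no name is given. The allowlist, image names, IDs and timestamps below are constructed sample data; a user-chosen name can also match the pattern, so `auto_named` is a hint, not proof.

```python
import json
import re

# Docker's default names look like "<adjective>_<surname>" (e.g. admiring_noyce),
# optionally followed by one digit when the generator had to retry.
AUTO_NAME = re.compile(r"^[a-z]+_[a-z]+[0-9]?$")

# Constructed sample of `docker ps -a --format '{{json .}}'` (one JSON object per line).
SAMPLE = """\
{"ID":"a1b2c3d4e5f6","Names":"plex","Image":"linuxserver/plex","CreatedAt":"2020-11-02 09:14:07 -0500 EST"}
{"ID":"0f9e8d7c6b5a","Names":"admiring_noyce","Image":"example/unknown-image","CreatedAt":"2021-01-08 03:41:52 -0500 EST"}
{"ID":"1122334455aa","Names":"nextcloud","Image":"linuxserver/nextcloud","CreatedAt":"2020-12-20 18:30:00 -0500 EST"}
"""

def audit(ps_json_lines, expected_names):
    """Return every container whose name is not in the expected set."""
    findings = []
    for line in ps_json_lines.splitlines():
        if not line.strip():
            continue
        c = json.loads(line)
        name = c["Names"]
        if name in expected_names:
            continue
        findings.append({
            "name": name,
            "id": c["ID"],
            "image": c["Image"],
            "created": c["CreatedAt"],
            # True means the name has the shape Docker generates when --name is omitted.
            "auto_named": bool(AUTO_NAME.match(name)),
        })
    return findings

if __name__ == "__main__":
    # Hypothetical allowlist: the containers the admin knowingly deployed.
    for f in audit(SAMPLE, {"plex", "nextcloud"}):
        hint = "auto-generated name" if f["auto_named"] else "explicit name"
        print(f'{f["created"]}  {f["name"]} ({hint})  image={f["image"]}  id={f["id"]}')
```

For each finding, the creation time and image are the first things to compare against your own activity and against access logs for the exposed admin page.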