iamgadgetman 3 Posted January 10 Share Posted January 10 I was working on containers today when I noticed one that I didn't recognize. A little digging revealed that someone recently created a container on my server without my knowledge and it was mining bitcoin and sending the data back to the hacker. I have cut off the traffic on my firewall, but I'm really curious to know as to how the heck they got in. Any ideas? To be fair, I did have a non-standard port opened on the firewall for access to the admin page. Quote Link to post
jonathanm 1211 Posted January 10 Share Posted January 10 32 minutes ago, iamgadgetman said: I did have a non-standard port opened on the firewall for access to the admin page. 32 minutes ago, iamgadgetman said: how the heck they got in. I believe you answered your own question. Once they have access to the Unraid GUI, they have complete control. You must secure any access with a VPN tunnel or something similar, i.e. teamviewer or other secure remote access through another machine on the LAN 1 1 Quote Link to post
tjb_altf4 94 Posted January 11 Share Posted January 11 2 hours ago, iamgadgetman said: I was working on containers today when I noticed one that I didn't recognize. You probably created it yourself, if you omit a name it generates one for you https://github.com/moby/moby/blob/master/pkg/namesgenerator/names-generator.go Quote Link to post
iamgadgetman 3 Posted January 17 Author Share Posted January 17 @jonathanm I agree. I had honestly forgotten that it was there lol. @tjb_altf4 the only thing is that I didn't set up anything at that time, that I know of. It won't even let me look at the console. It's also oddly set up. Take a look at the logs. I eventually blocked the outbound TCP port, so I could keep the container without worrying about it getting out. admiring_noyce.log.txt 1 Quote Link to post
4 posts in this topic Last Reply
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.