Unknown docker container running xmrig


So today I noticed 4 of the 8 threads on my UnRaid server were running pinned at 100%.  At first I thought it was one of my VMs running screwy, but instead I found a docker container I'd never seen before.

 

It was named gallant_snyder and it was running xmrig which appears to be a crypto-miner.

 

The really odd thing is that I haven't installed any new docker containers or community apps in years, just updated the ones I started with.  So I'm really worried now wondering how it got installed in the first place.

 

Docker Containers:

NoIp

iPXE-buildweb

 

Apps:

Community Apps

CA Fix Common Problems

Dynamix Local Master

Dynamix SSD Trim

Disable Security Mitigations

Dynamix System Info

Preclear Disk

Wake On Lan

 

Any ideas how this may have happened?  Any steps I should take to prevent this?

  • Community Expert

Do you allow access to your server from the internet?

 

Go to Tools - Diagnostics and attach the complete Diagnostics ZIP file to your NEXT post in this thread.

  • Author

Hmm, I do have a random high port number forwarded through my firewall for remote access to the web admin.

 

Requested diagnostic attached.

server-diagnostics-20210205-1558.zip

1 hour ago, PerformCPU said:

Hmm, I do have a random high port number forwarded through my firewall for remote access to the web admin.

That is not normally a good idea - robots are good for scanning for ports.

 

The only secure way to access unRaid from the internet is to use a VPN, and since unRAID has the WireGuard VPN software built in, it is the recommended way to set up secure access to your server for remote admin.

  • Community Expert

HACKED!!!

 

Dec 30 09:05:20 SERVER nginx: 2020/12/30 09:05:20 [error] 8506#8506: *8967102 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 178.128.163.10, server: , request: "GET /system_api.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "107.179.228.5:8006"
...
Jan 20 07:26:44 SERVER nginx: 2021/01/20 07:26:44 [error] 8506#8506: *12742830 open() "/usr/local/emhttp/c/version.js" failed (2: No such file or directory), client: 167.99.241.151, server: , request: "GET /c/version.js HTTP/1.1", host: "107.179.228.5:8006"
...
Jan 27 12:34:37 SERVER nginx: 2021/01/27 12:34:37 [error] 8506#8506: *13851431 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 64.227.97.101, server: , request: "GET /system_api.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "107.179.228.5:8006"
...

https://www.abuseipdb.com/check/178.128.163.10   UK

https://www.abuseipdb.com/check/167.99.241.151   Germany

https://www.abuseipdb.com/check/64.227.97.101    USA

 

Also looks like you have a problem with cache disk.

Feb  4 09:03:08 SERVER kernel: sd 1:0:5:0: [sdg] tag#537 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
Feb  4 09:03:08 SERVER kernel: sd 1:0:5:0: [sdg] tag#537 Sense Key : 0x5 [current] 
Feb  4 09:03:08 SERVER kernel: sd 1:0:5:0: [sdg] tag#537 ASC=0x21 ASCQ=0x0 
Feb  4 09:03:08 SERVER kernel: sd 1:0:5:0: [sdg] tag#537 CDB: opcode=0x42 42 00 00 00 00 00 00 00 18 00
Feb  4 09:03:08 SERVER kernel: print_req_error: critical target error, dev sdg, sector 1953277894
Feb  4 09:03:08 SERVER kernel: BTRFS warning (device sdg1): failed to trim 1 device(s), last error -121
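
The nginx error entries quoted in the reply above all name a `client:` address outside the LAN. As an added example (not part of the original thread), this Python sketch pulls those entries out of a syslog and groups the requested paths by non-LAN client. The LAN ranges, the function name and the sample lines are assumptions made for illustration; the sample IPs are documentation-range placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: these ranges are "inside" (typical home LAN plus loopback); adjust to your network.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# nginx error entries in syslog carry: client: <ip>, ... request: "<METHOD> <path> ..."
LINE_RE = re.compile(
    r'nginx: .*?client: (?P<ip>[0-9A-Fa-f.:]+),.*?request: "[A-Z]+ (?P<path>\S+)')

# Constructed sample in the same syslog format; all IPs are documentation-range placeholders.
SAMPLE_LOG = '''\
Dec 30 09:05:20 SERVER nginx: 2020/12/30 09:05:20 [error] 8506#8506: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 203.0.113.10, server: , request: "GET /system_api.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "192.0.2.5:8006"
Jan 02 18:11:02 SERVER nginx: 2021/01/02 18:11:02 [error] 8506#8506: *2 open() "/usr/local/emhttp/favicon.png" failed (2: No such file or directory), client: 192.168.1.50, server: , request: "GET /favicon.png HTTP/1.1", host: "192.168.1.2"
Jan 20 07:26:44 SERVER nginx: 2021/01/20 07:26:44 [error] 8506#8506: *3 open() "/usr/local/emhttp/c/version.js" failed (2: No such file or directory), client: 198.51.100.77, server: , request: "GET /c/version.js HTTP/1.1", host: "192.0.2.5:8006"
Jan 27 12:34:37 SERVER nginx: 2021/01/27 12:34:37 [error] 8506#8506: *4 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 203.0.113.10, server: , request: "GET /system_api.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "192.0.2.5:8006"
Feb  4 09:03:08 SERVER kernel: print_req_error: critical target error, dev sdg, sector 1953277894
'''

def external_webgui_clients(log_text):
    """Return {client_ip: [requested paths]} for nginx errors from non-LAN clients."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an nginx request error (e.g. kernel messages)
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field
        if any(ip in net for net in LAN_NETS):
            continue  # request came from inside the LAN
        hits[str(ip)].append(m.group("path"))
    return dict(hits)

if __name__ == "__main__":
    for ip, paths in sorted(external_webgui_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {len(paths)} request(s): {', '.join(paths)}")
```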

 

Archived

This topic is now archived and is closed to further replies.
