Warning: Unraid Servers exposed to the Internet are being hacked


61 posts in this topic Last Reply

Recommended Posts

  • Replies 60
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Hello Unraid Community!   It has come to our attention that in recent days, we've seen a significant uptick in the amount of Unraid server's being compromised due to poor security practices.

You seem to believe that unRAID is a full Linux distribution.  It is not.  It may never implement users, permissions and security in the way you would expect of a full Linux distro or any other OS.

A few suggestions if I may, from my experiences in the Cloud Infrastructure World;   First, Reviewing Docker Folder Mappings (and to some extent VM Shares).   Do all you Docker Con

Posted Images

I saw this coming from a mile away when the feature was advertised via the plugin. Port forward can be quite dangerous if not done right. I rather use openvpn still for that. 

 

Thanks @jonp for the post!!

Link to post

Securing a tunnelwithe openvpn or wireguard is nice, but a unsecured door is still an unsecure door...

 

There is a spof in every home, your isp router. Usually, for economic reason, this box are low grade quality, sometimes without firewall or even set with an admin/admin like password never change by the users and can be ( not so easy but feasible ) access through wifi ( as for my neighbours , both of them, with 2 different isp )

 

When done, their network are simply open.

 

At that time, forget your nicely done tunnel.

 

Adding one more security layer like a F2A/fido validation for the sign-in is not so stupid.

 

 

 

 

Link to post
  • 3 weeks later...

Thanks for the sharing on security. I often need to access unRaid GUI while I'm out on a trip. I used to use OpenVPN to connect to home and access the management gui from LAN.

 

Now with 6.9.2 I have the port forwarding setup for HTTPS to unRaid and it's the only port I am exposing on the internet. A strong root password has been set and all other services are behind my firewall.

 

So now my question is: Is it equally safe to access my server this way compare to accessing through OpenVPN?

Link to post
20 minutes ago, aarontry said:

Is it equally safe to access my server this way compare to accessing through OpenVPN?

No, it trades security for convenience. A properly configured VPN means only encryption key configured and credentialed endpoints can gain access instead of only requiring a browser and password.

 

However, in the context of this thread, it seems to be secure enough for the moment, as the hacked servers invariably seemed to have blank root passwords.

Link to post
1 minute ago, jonathanm said:

No, it trades security for convenience. A properly configured VPN means only encryption key configured and credentialed endpoints can gain access instead of only requiring a browser and password.

 

However, in the context of this thread, it seems to be secure enough for the moment, as the hacked servers invariably seemed to have blank root passwords.

The only vulnerability I can think of regarding the security of unRaid Server in this context is there might be undiscovered security issues that allow attackers to bypass the form based login and gain access to other services.  

Link to post
10 hours ago, aarontry said:

I often need to access unRaid GUI while I'm out on a trip.

Very easy to do this, just setup WireGuard. I can access my whole LAN that way. WireGuard is builtin to Unraid.

 

Then, you will have the situation where

10 hours ago, jonathanm said:

only encryption key configured and credentialed endpoints can gain access

 

Link to post
17 hours ago, trurl said:

Very easy to do this, just setup WireGuard. I can access my whole LAN that way. WireGuard is builtin to Unraid.

 

Then, you will have the situation where

 

What's the purpose of the new plugin (unraid.net) if VPN is the preferred way of accessing unRaid? I already have the VPN setup and I am considering switching to the plugin instead. 

Link to post
1 hour ago, aarontry said:

What's the purpose of the new plugin (unraid.net) if VPN is the preferred way of accessing unRaid? I already have the VPN setup and I am considering switching to the plugin instead. 

 

The remote access feature of the plugin may not be quite as secure as using a VPN but it is much easier (and thus less error prone) for the naïve user to set up.   The plugin does, however, have other features that you can use even if you do not intend to use the remote access feature.

Link to post
On 4/17/2021 at 9:16 AM, tech_rkn said:

I saw the F2A for the forum. Nice.

How about F2A for unRAID himself ?

I am using my yubikey on almost every accounts/services I have, except my own unRAID...

 

 

+1 to this. TOTP 2FA code implementation would be a welcome feature addition. 

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.