March 31, 2021 Yesterday I noticed my CPU was maxed out and found a docker that I had not added was running: "zealous_wu". I stopped and removed it and everything returned to normal. This morning I have another docker that appeared 2 hours ago called "fervent_roentgen". Is my system infected and what should I do?
March 31, 2021 Community Expert Have you allowed access to your server from outside your LAN? Go to Tools - Diagnostics and attach the complete Diagnostics ZIP file to your NEXT post in this thread.
March 31, 2021 Review this: https://forums.unraid.net/topic/104669-warning-unraid-servers-exposed-to-the-internet-are-being-hacked/
March 31, 2021 Community Expert Not much to see in syslog since immediately after reboot. 1 hour ago, trurl said: Have you allowed access to your server from outside your LAN?
March 31, 2021 @Touchy Have you put your server in the DMZ or have you allowed outside access to your machine?
March 31, 2021 Docker containers are titled with an adjective followed by a scientist by default if they are unnamed locally.
March 31, 2021 Community Expert 2 minutes ago, sparklyballs said: Docker containers are titled with an adjective followed by a scientist by default if they are unnamed locally. I know docker created those names. We suspect someone has hacked the user and created a docker on their machine, likely crypto mining or some such. Other cases of that and even worse happening to new users lately, hence the link Squid posted above.
March 31, 2021 12 minutes ago, trurl said: I know docker created those names. We suspect someone has hacked the user and created a docker on their machine, likely crypto mining or some such. Other cases of that and even worse happening to new users lately, hence the link Squid posted above. Need to run docker ps -a to get the image name that the container is using and find out where the image is coming from and what it is.
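Added example, not part of the original thread or any poster's own code: a small triage filter for the `docker ps -a` step suggested above, which flags containers whose names have Docker's auto-generated adjective_surname shape and lists the images to look into. The sample rows are constructed (container names from this thread; image names and commands are placeholders), and the name pattern is a heuristic assumption.

```shell
#!/usr/bin/env bash
# Triage helper for containers nobody remembers creating (added example).
# Input: tab-separated rows "name<TAB>image<TAB>created<TAB>command", e.g. from
#   docker ps -a --no-trunc --format '{{.Names}}\t{{.Image}}\t{{.CreatedAt}}\t{{.Command}}'

# Print rows whose container name has the shape Docker assigns when no --name
# is given (lowercase adjective_surname). Heuristic only: a container you named
# "my_db" yourself also matches, so review every hit by hand.
flag_autonamed() {
  awk -F'\t' '$1 ~ /^[a-z]+_[a-z]+$/ {
    printf "SUSPECT name=%s image=%s created=%s cmd=%s\n", $1, $2, $3, $4
  }'
}

# Print the de-duplicated image references of the flagged containers,
# i.e. the images whose origin still has to be established.
suspect_images() {
  awk -F'\t' '$1 ~ /^[a-z]+_[a-z]+$/ { print $2 }' | sort -u
}

# Constructed sample rows. Container names are the two from this thread;
# image names, timestamps and commands are placeholders, not real findings.
SAMPLE=$(printf '%s\t%s\t%s\t%s\n' \
  'zealous_wu' 'example/unknown-image:latest' '2021-03-30 09:12:01 +0000 UTC' '"/bin/sh -c ./run"' \
  'fervent_roentgen' 'example/unknown-image:latest' '2021-03-31 06:40:55 +0000 UTC' '"/bin/sh -c ./run"' \
  'plex-server' 'example/media-server:latest' '2021-01-02 18:00:00 +0000 UTC' '"/init"')

# Run both filters over the sample so the script works without a Docker daemon.
printf '%s\n' "$SAMPLE" | flag_autonamed
printf '%s\n' "$SAMPLE" | suspect_images
```

On a live host, pipe the `docker ps -a` command from the header comment into `flag_autonamed` instead of the sample, then run `docker inspect` on each flagged container and `docker image inspect` on each listed image before removing anything.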
March 31, 2021 Author Thank you guys. I had port 8080 and 80 open since I was making some adjustments remotely. I've now removed those port forwards so we'll see how that goes.