Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Error: Possible Hack Attempt

Featured Replies

Good morning. I am hoping someone can help me as I am not that technically minded but I have in the last couple of days got email warnings to say possible hack attempts. I am not sure where it is coming from or how or on any port. I have changed password on my router, on Unraid and anything else I can think of. Can anyone point me in the right direction as to what else I need to do or see where this is coming from please. I have attached a few screen shots of the syslog if that helps.

syslog1.jpg

syslog2.jpg

syslog3.jpg

A computer on your local network named Desktop-PC-2?

  • Author

I do have a laptop and a desktop and the name on the desktop pc is Desktop-PC. it is not called Desktop-PC-2, which i thought was a bit odd.

Also, as I know the password to the server, I would not have got it wrong 17 or 18 times.

 

Any further thoughts as I have today checked the desktop for viruses using AVG and any malicious malware using Malwarebytes and both show as clean on Desktop-PC

 

thanks in advance.

 

  • Author

No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. the only thing connected to Unraid that is accessible from the outside is Plex and that is only to a few family members and i also have some security IP cameras but these are not even connected to unraid, but are on the local network and I can connect to them via the web. Other than the usual sky tv and other household items that use the home Wi-Fi, I have nothing else.

 

thanks for your help.

First thing to do is to convert the name back to an IP address.   You can do this with:

nslookup DESKTOP-PC-2.local

Now look for the device on your network with that IP address.

Edited by remotevisitor

4 hours ago, russ2021 said:

No, nobody else shares the LAN. There is only my wife and me and she does not use the computers. the only thing connected to Unraid that is accessible from the outside is Plex and that is only to a few family members and i also have some security IP cameras but these are not even connected to unraid, but are on the local network and I can connect to them via the web. Other than the usual sky tv and other household items that use the home Wi-Fi, I have nothing else.

 

thanks for your help.

If you have wifi enabled in your main router with wpa/wpa2/wep check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods..but this is another story.

If the wifi is in the same network of the wired network an external attacker from wifi can access the whole local area network, including your unraid server (but it seems that failed since you have 1 more layer protection --> the webgui password).

  • Author

Doesn't seem to show any information when i put this into a command prompt.

 

see below

 

 

Screenshot_1.png

Who is 192.168.10.10?

The device logged in some time after the failed attempts

Edited by ghost82

  • Author
1 minute ago, ghost82 said:

If you have wifi enabled in your main router with wpa/wpa2/wep check from your router page, in the wifi statistics, that nobody is stealing your wifi: it's so easy to crack the wpa/wpa2 wifi password if it can be found with a dictionary attack, or with other methods..but this is another story.

If the wifi is in the same network of the wired network an external attacker from wifi can access the whole local area network, including your unraid server (but it seems that failed since you have 1 more layer protection --> the webgui password).

thanks for this. i have a virgin media hub, but not sure in the router page/wifi statistics what i am looking for..

My router wifi is on the same network and below are the current setting. Thanks.

 

 

Screenshot_2.png

  • Author
1 minute ago, ghost82 said:

Who is 192.168.10.10?

The device logged in as soon after the failed attempts

192.168.10.10 is the main DESKTOP-PC as below, but it has never been called DESKTOP-PC-2

 

 

Screenshot_3.png

5 minutes ago, russ2021 said:

but not sure in the router page/wifi statistics what i am looking for..

Usually in the statistics page there is a list of mac addresses of connected devices:

Something like this:

wifi.thumb.png.a20597aa6dd8826e61eeef442c26a5ad.png

From there you can see my wifi receiver has 2 clients connected, who can be identified with their mac address.

 

You are in the wrong page, that is the security settings of your wifi.

49 minutes ago, russ2021 said:

Doesn't seem to show any information when i put this into a command prompt.

Try with ping:

ping DESKTOP-PC-2.local

nslookup "can fail" because of the dns, see my example where I have configured google dns.

ping.png.5e94825e7861dbeb2539a04f5ffa89c4.png

Edited by ghost82

  • Author
5 hours ago, ghost82 said:

Try with ping:


ping DESKTOP-PC-2.local

nslookup "can fail" because of the dns, see my example where I have configured google dns.

ping.png.5e94825e7861dbeb2539a04f5ffa89c4.png

no, ping not finding anything. This is very weird.

 

Screenshot_4.png

You don’t happen to run any VMs on your Desktop?

 

They might be given the name of the host with the numeric postfix.

  • Author
13 hours ago, remotevisitor said:

You don’t happen to run any VMs on your Desktop?

 

They might be given the name of the host with the numeric postfix.

 

No, sorry, i don't run any VM's

  • Author
6 hours ago, ChatNoir said:

Or several sessions open on the same computer ?

no, this is usually in standby mode as i tend to use my laptop more, so no multiple sessions that i know of.

Is the issue ongoing, or are you just trying to analyze this specific instance? 

  • Author
6 hours ago, jonathanm said:

Is the issue ongoing, or are you just trying to analyze this specific instance? 

no, I don't think so. I still get the daily email, but I guess I will until I click ignore error, which I don't want to until I get to the bottom of it.

6 hours ago, russ2021 said:

I still get the daily email, but I guess I will until I click ignore error

Better to reboot since it is just seeing those in syslog and syslog will reset on reboot. Then if it happens again you will know. If instead you ignore it then you won't know.

  • Author

thanks all. However, i changed all passwords, on everything from the router, the root to unraid, all the wifi passwords and got the below alert this morning.

i am at a loss now what to do. i have scanned the desktop=pc with anti virus as welll as malwarebytes and nothing found.

 

 

June 5th.png

Screenshot_5.png

Screenshot_6.png

Screenshot_7.png

27 minutes ago, russ2021 said:

and got the below alert this morning

Some antivirus, especially those with "internet smart protection" may cause these alerts.

  • Author
2 hours ago, ghost82 said:

Some antivirus, especially those with "internet smart protection" may cause these alerts.

but why would anti virus be trying to access "root" and "unknown" from my desktop pc? just seems odd. i am currently in the middle of factory setting the desktop pc, then we will see if it keeps happening. Pretty drastic i know, but i have back up of any documents.

Example of a device on the network "helpfully?" trying to hack into other devices.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.