Mr. Digital Posted June 20, 2021 Share Posted June 20, 2021 So a few weeks ago i went to login to my unraid via the http url and it gave me error 503.. so i hooked up the monitor to the box and tried to login and the login prompt froze the box only option was to do a reset using the reset button.. which the machine failed to boot missing the boot image. so i put the USB into a windows computer.. and it was empty. i installed a fresh copy of unraid onto a new usb stick and moved the license over.. booted it back up and reassiigned the drives in the proper slots.. and ALL my data was gone the drives themselves were all wiped as well. so i copied my backups to unraid and my machine was back. TODAY. i had the same error 503.. login prompt was frozen .. reset showed the boot image was in fact missing again... putting my usb back in the windows computer showed it was wiped reloading unraid again to the usb stick and booting back into unraid showed all my data drives were wiped yet again..... anyone have any clue as to why this keeps happening? Quote Link to comment
itimpi Posted June 20, 2021 Share Posted June 20, 2021 7 minutes ago, Mr. Digital said: So a few weeks ago i went to login to my unraid via the http url and it gave me error 503.. so i hooked up the monitor to the box and tried to login and the login prompt froze the box only option was to do a reset using the reset button.. which the machine failed to boot missing the boot image. so i put the USB into a windows computer.. and it was empty. i installed a fresh copy of unraid onto a new usb stick and moved the license over.. booted it back up and reassiigned the drives in the proper slots.. and ALL my data was gone the drives themselves were all wiped as well. so i copied my backups to unraid and my machine was back. TODAY. i had the same error 503.. login prompt was frozen .. reset showed the boot image was in fact missing again... putting my usb back in the windows computer showed it was wiped reloading unraid again to the usb stick and booting back into unraid showed all my data drives were wiped yet again..... anyone have any clue as to why this keeps happening? this should not be possible to happen by accident and implies a malicious actor. Do you have your server exposed to the internet? This could be by putting it into DMZ on the router, or by forwarding the UnRaid management port in the router. There has been a spate of users doing this; then getting hacked; and finally deletions happening on the server. if you want to allow remote access to your server you should be using a VPN (WireGuard VPN is built into UnRaid). Quote Link to comment
Mr. Digital Posted June 20, 2021 Author Share Posted June 20, 2021 Server is not exposed to the internet. at all. i don't even allow the https/http url though Quote Link to comment
itimpi Posted June 20, 2021 Share Posted June 20, 2021 1 minute ago, Mr. Digital said: Server is not exposed to the internet. at all. i don't even allow the https/http url though in which case I would be concerned that there is some other device on the local LAN that has been compromised. if it was just the USB then it could perhaps simply be a USB drive problem, but the array drives being wiped as well takes deliberate action. I guess another possibility is that you are running a Docker container that has been compromised? Quote Link to comment
Mr. Digital Posted June 20, 2021 Author Share Posted June 20, 2021 (edited) I wonder if someone compromised one of Binhex's Dockers. or the hoobs docker the dockers i was running were Binhex's DelugeVPN, Sonarr, Radarr as well as Emby and Hoobs Edited June 20, 2021 by Mr. Digital Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.