sheldz8 Posted August 3, 2021

I was recently attacked with !0XXX ransomware on my UnRAID server. It only affected one share instead of all of my shares. I had the SMB port open (which is no longer open on my router) so that I can access it over the network with DuckDns, but under the Shares tab they are all set to private and it uses a standard user with a password.

Based on the below link on Reddit, I don't think it was something that was downloaded, because Radarr / Sonarr can't execute files and it occurred during the night while I was sleeping.

https://www.reddit.com/r/unRAID/comments/ovuxry/0xxx_ransomware_0xxx_support_topic_page_3/

I had the port open for one reason, and that was to use the OpenDrive application on my work Windows computer to upload from one of the shares (unaffected). It only affected a share that wasn't in use by the OpenDrive application.

https://www.bleepingcomputer.com/forums/t/753400/0xxx-nas-ransomware-0xxx-support-topic/page-3

This ransomware only affected Linux users globally in the past week, and everyone on the above link suspects Samba is the cause.

itimpi Posted August 3, 2021

Was there a reason you were not using a VPN link (via WireGuard on Unraid), which would be much more secure?

sheldz8 Posted August 3, 2021 (Author)

I've never heard of that before. I only used the SMB when I wasn't at home. Is WireGuard similar to OpenVPN? I thought OpenVPN was only supposed to be used to access the main page. I'm still new to UnRAID.

Edited August 3, 2021 by sheldz8

itimpi Posted August 3, 2021

1 hour ago, sheldz8 said:
> I've never heard of that before. I only used the SMB when I wasn't at home. Is WireGuard similar to OpenVPN? I thought OpenVPN was only supposed to be used to access the main page. I'm still new to UnRAID.

Once you have a VPN in place it can be used to access anything on the Unraid server. If configured correctly then anything on the home LAN can be accessed. It is normally mentioned in the context of the main page as that is not hardened against attack from the internet.

WireGuard is an alternative to OpenVPN and is built into Unraid. It has the advantage that it runs even when the array is stopped.

sheldz8 Posted August 3, 2021 (Author)

1 hour ago, itimpi said:
> Once you have a VPN in place it can be used to access anything on the Unraid server. If configured correctly then anything on the home LAN can be accessed. It is normally mentioned in the context of the main page as that is not hardened against attack from the internet. WireGuard is an alternative to OpenVPN and is built into Unraid. It has the advantage that it runs even when the array is stopped.

Thank you, I will check it out.

ljm42 Posted August 3, 2021

Please see this for security best practices: https://unraid.net/blog/unraid-server-security-best-practices