Looks like I got hacked by the eking virus in my home network


looop

Someone is trying to log in to my SERVER. The IP 192.168.31.112 is my SERVER; the IP 192.168.31.122 is the hacker.

He always tries to log in to my server.

I cannot FIND him, because the IP 192.168.31.122 is my Windows 10 virtual machine. The Windows 10 VM looks fine. 😭

Yesterday, some of my files were encrypted by [ eking virus ]. Then I turned off the public network IP on my router, and turned the physical Win 10 (it was hacked due to my bad, easy password and because I exposed it to the public network), and I deleted the encrypted files. 😰

I need help.


encrypted file:


Immediately turn off your Windows 10 VM. If you really need to turn it on I'd remove its network interface from the VM manager first. That way it cannot be reached, nor can it infect the rest of your network.

 

Copy anything you really need to USB medium, take care not to copy anything that could be infected with anything. Then delete the VM.

 

You also need to carefully examine and scan for viruses any other computer on your network. Also scan the Unraid server; from a shell run:

 

docker run --name ClamAV -v /mnt/user:/scan:ro tquinnelly/clamav-alpine -i

 

This will download ClamAV, update it and run a full scan of everything in /mnt/user. You might want to scan /boot as well afterwards.

 

As for security, you should never expose either Unraid or a VM to the internet directly. Never ever use DMZ. If you really need to expose a web service, use a reverse proxy and set up port forwarding of single ports. Reverse proxies often have the option to protect against a lot of hacking attempts.

 

Since a hacker managed to get into your Windows VM you either have exposed the whole thing, or you have exposed some unsecured or poorly protected service. 

  • Haha 1
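
A triage helper to go with the scan advice above, added here as an example and not part of anyone's post: a ClamAV scan looks for malware, while this lists the files that were already encrypted so you know which shares to restore from backup. It assumes the encrypted files end in `.eking` (inferred from the malware name in the thread), GNU find, and `/mnt/user` as the root; the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the thread): scope ransomware damage on a share tree.
# Assumptions: encrypted files end in ".eking" (suffix inferred from the malware
# name in the thread), GNU find is available, and paths contain no newlines.
# Usage (read-only, deletes nothing): bash <this-script> /mnt/user [suffix]

# list_encrypted ROOT [SUFFIX] -> "mtime<TAB>path" per match, oldest first.
list_encrypted() {
    local root="${1%/}" suffix="${2:-eking}"
    find "$root" -type f -iname "*.${suffix}" -printf '%T@\t%p\n' 2>/dev/null |
        sort -n
}

# first_hit ROOT [SUFFIX] -> path of the earliest-modified match. This
# approximates where encryption started, provided timestamps were not reset.
first_hit() {
    list_encrypted "$1" "${2:-eking}" | head -n 1 | cut -f2-
}

# count_by_share ROOT [SUFFIX] -> "count<TAB>top-level-dir", sorted by name.
count_by_share() {
    local root="${1%/}"
    list_encrypted "$root" "${2:-eking}" | cut -f2- |
        awk -v skip="${#root}" '{
            rel = substr($0, skip + 2)          # path relative to ROOT
            cut_at = index(rel, "/")
            share = cut_at ? substr(rel, 1, cut_at - 1) : "(top level)"
            n[share]++
        } END { for (s in n) printf "%d\t%s\n", n[s], s }' | sort -k2
}

# Report only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "Encrypted files per share:"
    count_by_share "$@"
    echo "Earliest modified: $(first_hit "$@")"
fi
```

Shares with a non-zero count were writable from the infected machine; the earliest hit helps pick a backup or snapshot taken before that time.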
18 hours ago, paaland said:

Immediately turn off your Windows 10 VM. If you really need to turn it on I'd remove its network interface from the VM manager first. That way it cannot be reached, nor can it infect the rest of your network.

 

Copy anything you really need to USB medium, take care not to copy anything that could be infected with anything. Then delete the VM.

 

You also need to carefully examine and scan for viruses any other computer on your network. Also scan the Unraid server; from a shell run:

 

docker run --name ClamAV -v /mnt/user:/scan:ro tquinnelly/clamav-alpine -i

 

This will download ClamAV, update it and run a full scan of everything in /mnt/user. You might want to scan /boot as well afterwards.

 

As for security, you should never expose either Unraid or a VM to the internet directly. Never ever use DMZ. If you really need to expose a web service, use a reverse proxy and set up port forwarding of single ports. Reverse proxies often have the option to protect against a lot of hacking attempts.

 

Since a hacker managed to get into your Windows VM you either have exposed the whole thing, or you have exposed some unsecured or poorly protected service. 

 

 

THX, I will do as you said.👍
