looop Posted September 17, 2021

Someone is trying to log in to my server. The IP 192.168.31.112 is my server. The IP 192.168.31.122 is the hacker. He always tries to log in to my server. I cannot find him, because the IP 192.168.31.122 is my Windows 10 virtual machine. The Windows 10 VM looks fine. 😭

Yesterday, some of my files were encrypted by [ eking virus ]. Then I turned off the public network IP on my router, and turned off the physical Win 10 (it was hacked due to my bad, easy password and because I exposed it to the public network), and I deleted the encrypted files. 😰

I need help.

Encrypted file:

paaland Posted September 18, 2021

Immediately turn off your Windows 10 VM. If you really need to turn it on, I'd remove its network interface from the VM manager first. That way it cannot be reached, nor can it infect the rest of your network. Copy anything you really need to a USB medium, taking care not to copy anything that could be infected with anything. Then delete the VM.

You also need to carefully examine and scan for viruses any other computer on your network. Also scan the Unraid server. From a shell, run:

    docker run --name ClamAV -v /mnt/user:/scan:ro tquinnelly/clamav-alpine -i

This will download ClamAV, update it and run a full scan of everything in /mnt/user. You might want to scan /boot as well afterwards.

As for security, you should never expose either Unraid or a VM to the internet directly. Never ever use DMZ. If you really need to expose a web service, use a reverse proxy and set up port forwarding of single ports. Reverse proxies often have the option to protect against a lot of hacking attempts.

Since a hacker managed to get into your Windows VM, you have either exposed the whole thing, or you have exposed some unsecured or poorly protected service.
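
One way to triage the output of the scan command in the post above, as an added example that is not part of the original thread. It assumes reports in clamscan's `<path>: <signature> FOUND` format; the function names, the use of `--rm` in place of `--name`, and the sample report are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). The container sees the share at /scan,
# so reported paths must be mapped back to the host root that was mounted
# (/mnt/user or /boot) before anything is quarantined or restored.

# Constructed sample report in clamscan's "<path>: <signature> FOUND" format.
sample_report() {
cat <<'EOF'
/scan/isos/setup.exe: Constructed.Sig.A FOUND
/scan/docs/backup 2021: final.zip: Constructed.Sig.B FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# scan_root HOST_ROOT REPORT: run the thread's scan read-only and save the output.
# --rm (instead of --name) lets the same command be rerun for /boot.
scan_root() {
    docker run --rm -v "$1:/scan:ro" tquinnelly/clamav-alpine -i > "$2" 2>&1
}

# host_hits REPORT HOST_ROOT: print host paths of flagged files, one per line.
# The greedy match keeps colons and spaces that belong to the file name.
host_hits() {
    sed -n "s|^/scan\(.*\): [^ ]* FOUND\$|$2\1|p" "$1"
}

# verdict REPORT: "incomplete" if the summary is missing (the scan died early
# and silence must not be read as clean), otherwise "infected" or "clean".
verdict() {
    grep -q '^Infected files: ' "$1" || { echo incomplete; return; }
    if grep -q ' FOUND$' "$1"; then echo infected; else echo clean; fi
}

# Demo on the constructed report. On the server, for example:
#   scan_root /mnt/user /tmp/user.txt; host_hits /tmp/user.txt /mnt/user
report=$(mktemp)
sample_report > "$report"
verdict "$report"
host_hits "$report" /mnt/user
rm -f "$report"
```
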

looop Posted September 19, 2021 (Author)

18 hours ago, paaland said:

> Immediately turn off your Windows 10 VM. If you really need to turn it on, I'd remove its network interface from the VM manager first. That way it cannot be reached, nor can it infect the rest of your network. Copy anything you really need to a USB medium, taking care not to copy anything that could be infected with anything. Then delete the VM.
>
> You also need to carefully examine and scan for viruses any other computer on your network. Also scan the Unraid server. From a shell, run:
>
>     docker run --name ClamAV -v /mnt/user:/scan:ro tquinnelly/clamav-alpine -i
>
> This will download ClamAV, update it and run a full scan of everything in /mnt/user. You might want to scan /boot as well afterwards.
>
> As for security, you should never expose either Unraid or a VM to the internet directly. Never ever use DMZ. If you really need to expose a web service, use a reverse proxy and set up port forwarding of single ports. Reverse proxies often have the option to protect against a lot of hacking attempts.
>
> Since a hacker managed to get into your Windows VM, you have either exposed the whole thing, or you have exposed some unsecured or poorly protected service.

THX, I will do as you said. 👍