Pain_Twain Posted January 14, 2022 Share Posted January 14, 2022 Hey total noob here, I run an Unraid server for 2 gaming VM's and sometimes a dedicated server for games. The last two days since setting up my dedicated server I have been maxing out CPU at 100%. I tried EVERYTHING, short of wiping all drives and reinstalling Unraid. The server was maxing out with no VM's or Docker containers active. I reboot and wait to see how long it takes to 100%, less than 2 minutes from fresh restart. I check the logs and I realize that my server was actively being attacked by random IP's on random ports. Some IP's led to Beijing and some may have gotten into my server. My password was probably the simplest password ever. Anyway I locked down my network, reset my Unraid password to something a toddler couldn't type and my logs show no external connection attempts. This post is half confession/warning to others. SECURITY! Make good passwords! I can't wait till next Unraid version and the forced strong passwords! Attached is hopefully none threatening screencap of my log during the "attack". TLDR; Noob wanted to host dedicated server, opened server through DMZ on router, constant login attempts from China. These login attempts 100%'d my CPU while idling. I don't know if they stole anything but lesson learned. Also the CCP couldn't figure out a simple 3 digit password LOL. Quote Link to comment
trurl Posted January 14, 2022 Share Posted January 14, 2022 You should have a strong password, but even more important, you shouldn't put your server on the internet. Setup Wireguard (builtin) or use My Servers to access your server remotely. https://wiki.unraid.net/Manual/Security 1 Quote Link to comment
Pain_Twain Posted January 14, 2022 Author Share Posted January 14, 2022 Thank you so so much! I am on it! Nothing like a big slice of humble pie for me tonight! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.