Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unraid box has been hacked- My websites are now vulnerable

Featured Replies

Hi community,

 

My Unraid box is sat in my lan and I am using nginx reverse proxy and an open port on my firewall to self host a bunch of services. Most of them are running as dockers but I have a few VMs too. For example- bitwarden, nextcloud, organizr, plex just to name some of them.

 

When using bitwarden from outside my lan, Chrome identified my domain as being unsafe with the 'Deceptive Site Ahead' warning.

 

I also had difficulty logging into the Unraid box from inside my lan. A search online advises me to scan the affected website and clear the vulnerability & malware but I have no idea how to do this on my Unraid box. Each of the services are accessible via a specific sub domain I've set in nginx and cloudflare. For example plex.mydomain.com forwards to the plex docker container. However, checking mydomain.com comes up as compromised by Google. So I don't know which site/sites are affected.

 

I've shut down the unit but I'd like to run a malware and vulnerability scan and removal on the Unraid box but I don't know how to go about this? I'm desperate to get back up and running. Can someone please help and advise me on how to remedy this?

 

Thanks in advanced,

Mikey

 

  • Author

@Comfuzio Thanks for reply.

 

I do not have a static external IP. I'm using cloudflare for dynamic DNS.

I was using a port forward to send 443 to the local IP of my nginx proxy manager. I've disabled this off for now just in case.

Not sure how to answer the third question. But-

 

When visiting the IP of my Unraid dashboard I get 'This site can not be reached'

 

And with the port forward enabled I am not able to reach any of the sites. Something to do with SSL cert(s) on the Unraid box. I really havent got much of a clue.

 

However, I can SSH to the Unraid box and some of my web services can be accessed via their associated local IP and port number.

 

 

Screenshot 2022-10-05 at 23.06.04.png

Screenshot 2022-10-05 at 23.05.23.png

Edited by MikeyRaa

i've actually got the same issue. i tried submitting a request to google to unflag it, and shortly after it worked for a little while, and was flagged again. scoured around looking for a solution to no avail, so i'll be keeping an eye on this post. but, you are not alone 😂  

  • 1 month later...

Following this topic, as I'm encountering the same problem with my sites too. I can't recall when this started for me, but from Oct sounds about right.

I also use NPM. Using Let's Encrypt, with or without a DNS Challenge and/or a scheme of http or https, has the same outcome of a "Deceptive site ahead".

Could it be something to do with Let's Encrypt? Or perhaps DuckDNS?

 

I am not sure how to create the Custom Certificate, so perhaps that's an avenue to explore?

 

Cheers,

gwl

  • 5 months later...

I am facing the same issue, did anyone figure out whats causing this issue? my setup has not changed for years, i'm using swag for my proxy and certificates.

Same here.  Just started happening recently. See attached image of Chrome's red warning screen. My first thought was a bad certificate but it's not that (cert is valid).  Google has decided the site is unsafe for some reason.  It's interesting there are two of us reporting this in one day when thread has been quiet for almost 6 months.  It could be the Chrome/Google rolled out a stronger rule or policy.  But I'm also worried that somehow my box has been hacked. For now I've reported it as incorrectly flagging my <domain>.com site at this "Report Incorrect Phishing Warning" page.  

 

Does anyone know how secure the "NginxProxyManager" docker is?  Forwarding ports 80 and 443 to it certainly exposes it to the open internet where it could be compromised. 

 

 

google warning.png

1 hour ago, defcon said:

Google has decided the site is unsafe for some reason.

Screenshot shows http in the url. Chrome doesn't like plain HTTP websites without SSL.

  • 4 months later...

i have the same problem havent used my server for a month and im getting the red screen but have https showing

and have updated my cert on cloudflare

 

 

Untitled.png

Edited by thompw
wrong pic

I also have Chrome occasionally complain about my Jellyfin instance. Nothing else, and it's all set up the same way. Since others seem to have the issue with Jellyfin too I guess there's something Chrome doesn't like about it specifically. 

  • 1 month later...

I've had it several times over the last few months happen to my sonarr and emby subdomains, each time I reported it to google as false positive and it's cleared within a few hours. 

 

I also have never seen any evidence of links in google tools for the domains.

I had this issue a few months ago, reported it, and it cleared eventually.  But it made me gun shy to turn it back on and used VPN for a while.  I recently turned it back on and haven't yet had problems.  One thing that occurs to me is to use more cryptic sub-domains.  So instead of nzbget.mydomain.com use something much harder to guess (in place of nzbget in that example).  Does anyone know enough about what causes the problems to know if that would help?

There are two parts to this issue:

 

1. Google Chrome is really becoming a pain in the ass when it comes to security vs obscurity -> switch to Firefox for more sane Defaults, heck even Edge is better nowadays ...

They're (Google) at a point in regards to blocking ad blockers (YouTube), masking search results and blocking various "potential" unwanted subdomains ... yes, its sucks but that's just Google nowadays - prepare for the migration rather sooner then later ...
 

2. I would never advise to open up a port to expose Unraid or its Docker-Containers / VMs to the Internet. Its just not architected for this. As soon as a port is open you open up a can of worms - there's a shit ton to consider and prevent that the usual cluseless home-user cannot and will not see ... its really time consuming and super risky.

 

Use Wireguard VPN or Tailscale to establish a trusted VPN-Network is litterally the only thing you should ever do.

 

Tailscale is a lot simpler to setup mind you ...

Edited by jit-010101

14 hours ago, jit-010101 said:

prepare for the migration rather sooner then later

Thank you.  What kind of "migration" are you referring to?  To get off of Chrome?

 

On your other point about not opening ports, do you think using cloudflare for their proxying (or even their argo tunnel, which I don't do) helps?  My understanding is that even is someone is hammering your domain name, they don't know your real IP address when you go through cloudflare.  Thanks!

12 hours ago, defcon said:

 What kind of "migration" are you referring to?  To get off of Chrome?

 

Yep - towards Firefox or Edge, at least as a second browser to fall back to

 

12 hours ago, defcon said:

do you think using cloudflare for their proxying (or even their argo tunnel, which I don't do) helps?

 

Yea well it could - Wireguard is included with Unraid via Settings -> VPN Manager ... if you want that even easier there is also a Tailscale plugin which basically a Peer 2 Peer Wireguard Network spanning accross your "tailscaled" devices ... I find the later one really usefull for example if I have to take care of maintenance of my parents devices.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.