Rkpaxam Posted March 19, 2023 Share Posted March 19, 2023 Hi I have repeated email warning saying possible hack attempts. I'm a new user an a bit worried, I have a few docker containers and other than that it's storage. Any ideas ? Quote Link to comment
itimpi Posted March 19, 2023 Share Posted March 19, 2023 Do you have your server exposed to the internet? Do you have parts forwarded to your server? Quote Link to comment
Rkpaxam Posted March 19, 2023 Author Share Posted March 19, 2023 (edited) It's connected to my router so yes it does have Internet. I have no port forwards set up yet until I've setup proxy and or a vpn tunnel. Edited March 19, 2023 by Rkpaxam Spelling Quote Link to comment
itimpi Posted March 20, 2023 Share Posted March 20, 2023 3 hours ago, Rkpaxam said: It's connected to my router so yes it does have Internet. By exposed I mean inbound connections from the internet being possible. This can happen if the server is in the routers DMZ. There has to be something trying to make connections to your server to be triggering the emails. You should be able to get an idea from the syslog what the source address of the potential hack attempts is which might help pin down the culprit. Quote Link to comment
Rkpaxam Posted March 20, 2023 Author Share Posted March 20, 2023 WOW ! ive turned off access to the SSH Port now, that's worrying ! I was hoping it was a docker or an app from my phone ! I do have it in DMZ as i was hoping to get my Searxng Website up and running Quote Link to comment
Solution itimpi Posted March 20, 2023 Solution Share Posted March 20, 2023 You do NOT want an Unraid server to be in the DMZ as it is not hardened against attacks from the web. Doing so almost inevitably leads to your server being hacked. For remote access to the Unraid GUI from the web you should use either the MyServers plugin or use a VPN (Unraid has the WireGuard VPN Server built in). If you want to run a web site then open just the ports for that through your router and make sure the web site is secured. Quote Link to comment
Rkpaxam Posted March 20, 2023 Author Share Posted March 20, 2023 I have removed it from the DMZ and Changed the SSH ports to something other then 22 i also have 127 length random password so this should hopefully stop anything. im not interested in the Gui i want to remote access my films, music and containers although im not sure which method is best. I do have a PIA account that is running in a docker. if you have any advise? Quote Link to comment
Rkpaxam Posted March 22, 2023 Author Share Posted March 22, 2023 Hi Sir, i have no issues since. Thank you. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.