April 9, 20233 yr Due to a firewall misconfiguration unraid System was exposed to the internet for few weeks, meaning no port was filtered/blocked so everything was open wide. This caused one of my Docker images (qBittorrent) to get a crypto miner (xmrig). I've found it out just because half of my cpu cores were running at 100%. Killed the xmrig process, it lived inside the qBittorrent's docker. Deleted qBittorrent's docker completely and set it up again together with the firewall. Attached the logs as I cannot find how did the attacker do this. Another question is... what else could have been compromised? unraid-diagnostics-20230409-1648.7z
April 10, 20233 yr Author I also have to mention that during the time Unraid was exposed to the internet, the router had IP-V6 DHCP enabled and if I reckon correctly I seen IP-V6 in both Unraid and all dockers. Currently routers IP-V6 DHCP is turned off and firewall blocking incoming connections. I've also seen a lot of these errors in syslog.txt, are these normal? Apr 9 05:00:01 UNRAID move: move_object: //..c/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..r/... Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..f/... Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..f/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..f/... Apr 9 05:00:01 UNRAID move: move_object: //..f/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..h/... Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..h/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..h/... Apr 9 05:00:01 UNRAID move: move_object: //..h/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..4/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..4/... Apr 9 05:00:01 UNRAID move: move_object: //..4/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..g/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..g/... Apr 9 05:00:01 UNRAID move: move_object: //..g/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..t/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..t/... Apr 9 05:00:01 UNRAID move: move_object: //..t/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..r/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..r/... Apr 9 05:00:01 UNRAID move: move_object: //..r/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..p/... Apr 9 05:00:01 UNRAID move: move_object: //..p/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..d/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..d/... Apr 9 05:00:01 UNRAID move: move_object: //..d/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..n/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..n/... Apr 9 05:00:01 UNRAID move: move_object: //..n/... No such file or directory Apr 9 05:00:01 UNRAID root: Specified filename //..p/... does not exist. Apr 9 05:00:01 UNRAID move: file: //..p/...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.