December 18, 2023

I am not sure how this happened. It could have been a malicious attacker, a bug in some software, a freak accident or something, but I come home after a small weekend vacation with unRaid completely unusable. I reboot and nothing is booting. I plug a monitor into my server and see a warning that the OS isn't booting due to a missing/corrupt file. No big deal, I've had USB keys die before, so I plug it into my desktop and notice pretty much everything on the USB stick is gone. Very strange... I go to my external hard drive backup to grab my unraid USB key backup, which was mounted to unraid via an SMB share for nightly backups, and that is also empty...

I reinstall unraid on my USB stick and I was able to boot into a factory-reset server. I was able to locate the parity drive I used before and I was able to start the array. unRaid reports that all of my disks are basically empty. About 20 TB of data is gone... I literally just set up Duplicati and started backing up everything to BackBlaze, but it wasn't able to finish the backup before everything got deleted. Most of the storage was media, but I obviously kept important documents such as tax returns, program file keys, family photos, everything...

I bought Raise Data Recovery to see if I can restore the files. Seems like it's able to locate pretty much everything, but it's going to take a few days to scan 20 TB worth of hard drives plus my 6 TB external hard drive.

I am not quite sure how this happened. I have Plex docker, Overseer docker, NextCloud docker and Home Assistant VM allowed on my WAN through an NGINX docker proxy, so I guess it could have been possible to access unraid through one of those dockers.

After I restore my data, I will:

- continue my external backup to BackBlaze (it's super cheap. Probably only going to cost $2 a month to back up my non-media files),
- fix how I do my external hard drive backup (no mounting directly to unraid), using an external USB enclosure to do offline, manual monthly backups,
- redo all of my shares and keep my personal, important data on a separate share that no dockers (except Duplicati) can access,
- do an external network scan to make sure I didn't expose a docker or the NGINX proxy config page to the web,
- go through each docker to confirm they have minimal access to do their jobs.

I am pretty sure a misconfigured docker caused all this. I did have Nextcloud have access to the entire share so I could access it anywhere, but I removed that a while ago since I never really used it and I use Wireguard VPN to access files if needed. I need Home Assistant and Plex accessible since my family watches movies and TV shows off my server, and Home Assistant for cell phone notifications for devices that don't have a VPN.

Keep your data safe everyone!
December 19, 2023

Not sure how this happened but I am replying to follow this in case anyone else has an idea.