UhlHomestead Posted August 6 (edited)
Hi all, I have been using unRaid for a few years but still am a novice at best. Periodically my CPU will randomly shoot up to 100% usage and I cannot figure out why. I checked my server last night and it was running at 17% usage, which is normal. I am running Frigate, Compreface, Plex, Sonarr and have HASSio on a VM. I am running 6.12.8. I've attached the diagnostics as well. Any help would be greatly appreciated!

Michael_P Posted August 6 (edited)
Probably compromised - xmrig has it pegged.

UhlHomestead Posted August 6 (edited)
Hey @Michael_P I found xmrig running as a process. I am unsure how to kill the process and how to delete the xmrig.

UhlHomestead Posted August 6
So I found that xmrig was running in binhex - krusader.

JonathanM Posted August 6
Do you have any port forwarding rules in your router, or DMZ set?

Michael_P Posted August 6
2 hours ago, UhlHomestead said: So I found that xmrig was running in binhex - krusader.
Kill it, make sure your server isn't exposed to the internet, check your go file and extras folder on your flash drive for anything weird. And your VPN credentials are exposed in your diagnostics, you should edit the top post to remove it and change your VPN password as a matter of course. @limetech should really start thinking about obfuscating that.

UhlHomestead Posted August 6 (edited)
@Michael_P Thanks for the info. Do you know where my VPN creds are located so I can edit in the diagnostic file?
@JonathanM I do have port forwarding rules on my router.

JonathanM Posted August 6
7 minutes ago, UhlHomestead said: I do have port forwarding rules on my router.
First order of business is to remove all outside access until you can figure out which port forward rule allowed you to be hacked.

Michael_P Posted August 6
2 hours ago, UhlHomestead said: Do you know where my VPN creds are located so I can edit in the diagnostic file?
system/ps.txt
--setenv VPN_USER ******** --setenv VPN_PASS ********

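Added example (not part of the thread and not Unraid's own tooling): a shell script that redacts the "--setenv NAME VALUE" pairs pointed out above in system/ps.txt before a diagnostics archive is shared, and counts any that remain. The function names, the REDACTED marker, the list of sensitive name fragments and the sample process line are assumptions made for illustration; the match goes beyond VPN_USER and VPN_PASS to any name containing USER, PASS, KEY, TOKEN or SECRET.

```shell
#!/bin/sh
# Redact credential values passed as "--setenv NAME VALUE" in a process
# listing such as system/ps.txt, before the diagnostics are posted.

# Assumption of this example: names containing these fragments are sensitive.
SENSITIVE='--setenv[[:space:]]+[A-Za-z0-9_]*(USER|PASS|KEY|TOKEN|SECRET)[A-Za-z0-9_]*[[:space:]]+'

# Print the file with each sensitive value replaced by REDACTED.
# Caveat: ps output is unquoted, so a value containing spaces is only
# redacted up to its first space; review the result by eye as well.
redact_setenv() {
    sed -E "s/(${SENSITIVE})[^[:space:]]+/\\1REDACTED/g" "$1"
}

# Print how many sensitive --setenv values in the file are still unredacted.
count_exposed() {
    grep -oE -e "${SENSITIVE}[^[:space:]]+" "$1" \
        | grep -vcE '[[:space:]]REDACTED$' || true
}

# Constructed sample resembling ps.txt lines; not taken from real diagnostics.
write_sample() {
    cat > "$1" <<'EOF'
root  4242  0.1  0.0  /usr/bin/openvpn --setenv VPN_USER alice@example.com --setenv VPN_PASS hunter2 --setenv LOG_LEVEL info
root  4300  0.0  0.0  /usr/bin/python3 /app/run.py
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/ps.txt"
echo "exposed before: $(count_exposed "$tmp/ps.txt")"
redact_setenv "$tmp/ps.txt" > "$tmp/ps.redacted.txt"
echo "exposed after:  $(count_exposed "$tmp/ps.redacted.txt")"
cat "$tmp/ps.redacted.txt"
rm -rf "$tmp"
```

Redaction only cleans the copy being shared; the password that was already posted still has to be changed.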