August 6, 20241 yr Hi all, I have been using unRaid for a few years but still am a novice at best. Periodically my CPU will randomly shoot up to 100% usage and I cannot figure out why. I checked my server last night and it was running at 17% usage, which is normal. I am running Frigate, Compreface, Plex, Sonarr and have HASSio on a VM. I am running 6.12.8. I've attached the diagnostics as well. Any help would be greatly appreciated! Edited August 6, 20241 yr by UhlHomestead
August 6, 20241 yr Community Expert Probably compromised- xmrig has it pegged Edited August 6, 20241 yr by Michael_P
August 6, 20241 yr Author Hey @Michael_P I found xmrig running as a process. I am unsure how to kill the process and how to delete the xmrig Edited August 6, 20241 yr by UhlHomestead
August 6, 20241 yr Community Expert 2 hours ago, UhlHomestead said: So I found that xmrig was running in binhex - krusader. Kill it, make sure your server isn't exposed to the internet, check your go file and extras folder on your flash drive for anything weird. And your VPN credentials are exposed in your diagnostics, you should edit the top post to remove it and change your VPN password as a matter of course. @limetech should really start thinking about obfuscating that.
August 6, 20241 yr Author @Michael_P Thanks for the info. Do you know where my VPN creds are located so I can edit in the diagnostic file? @JonathanM I do have port forwarding rules on my router. Edited August 6, 20241 yr by UhlHomestead
August 6, 20241 yr 7 minutes ago, UhlHomestead said: I do have port forwarding rules on my router. First order of business is to remove all outside access until you can figure out which port forward rule allowed you to be hacked.
August 6, 20241 yr Community Expert 2 hours ago, UhlHomestead said: Do you know where my VPN creds are located so I can edit in the diagnostic file? system/ps.txt --setenv VPN_USER ******** --setenv VPN_PASS ********
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.