February 13, 201214 yr I googled unRAID today and came across someone's server completely open for everyone to see. This server had a 5 beta installed. I renamed this server "Firewall your server" to make this completely obvious to you. I presume this person frequents the forum so PLEASE firewall your server and give your root user a password.
February 13, 201214 yr I googled unRAID today and came across someone's server completely open for everyone to see. This server had a 5 beta installed. I renamed this server "Firewall your server" to make this completely obvious to you. I presume this person frequents the forum so PLEASE firewall your server and give your root user a password. Ouch... If you had given it a root password we could have figured out who it was easier. :'( And then changed the machine name to "Your new root password is 'INSECURE'") Some time in the early 80s I was doing system support via dial-up (pre internet days) fat-fingered a telephone number using "cu" (call unix) The remote system answered and gave a "login:" prompt. The person I was working with typed "root" we had a root shell prompt. Equivalent Ouch.... We quickly typed "exit" (personal UNIX was years away... we can only guess what we had stumbled across)
February 14, 201214 yr Ouch indeed! Looks like it may have been fire-walled or taken off-line. I found what I suspect was the same link that Speeding_Ant found, now not active.
February 14, 201214 yr It was not my server, but is there a guide to follow to ensure that a firewall is properly setup?
February 14, 201214 yr Author The whole point of a firewall is to: a) Stop the outside world accessing your internal network b) Control which ports and IP addresses flow to internal services. EG, Externally someone would access www.limetech.com, you can specify which internal IP address & port this request should speak to. If you're new to it, I suspect the easiest way to set up your firewall is to not touch much! Most firewalls are setup to be 'secure' enough from the get go. There are some web services that can check if there are any glaringly obvious holes in your setup. I suspect what this person did was set their unRAID server as the NAT "Default Host". All ports were accessible from what I could see.
February 14, 201214 yr Likely! I did it for 5 minutes when I was bored. And quickly shut it off...every port except my router management port was going to the unRAID IP!
February 14, 201214 yr If you get bored visit this website https://www.grc.com Look for Sheilds Up and tell it to scan your machine. It will normally come back with open ports... Hopefully ones that aren't dangerous. LOL
February 19, 201214 yr If you get bored visit this website https://www.grc.com Look for Sheilds Up and tell it to scan your machine. It will normally come back with open ports... Hopefully ones that aren't dangerous. LOL +1 GRC is an amazing company, and their free tools are indispensable for security.
February 21, 201214 yr Funny it got indexed. Also surprised the webui was still up, it lasts about 5 seconds if you throw anything unexpected at it. (xss etc)
Archived
This topic is now archived and is closed to further replies.