November 29, 2024 I'm a pretty uneducated Unraid user and tonight I've gotten hacked and I'm stuck wondering at what level they had access to my server. If anyone could help me figure out what happened and how I can prevent this + if I need to wipe my system. Posting diagnostics yoosh-diagnostics-20241130-0337.zip Edited November 29, 2024 by hauntology
November 29, 2024 Community Expert Typically, it is another device that infects the server via SMB, assuming the server is not directly exposed to the internet.
November 30, 2024 Author @JorgeB I did have my media share mapped and open in share settings, since the attack I've set it to secure and yes hidden. I also discovered I’ve had dynamic Unraid Connect on UPnP for remote access and I shut that off too, slowly reinstalling a few files to leave on there for a few days before I start getting it all back. Thank you for your advice
November 30, 2024 Community Expert If you have write permission turned on to the share(s), you are still at risk. Most of the time, the Malware will be installed on one of the client computers. As soon as you connect to the server, it has all the info it needs to do its work. (By the way, Windows SMB clients stay logged into the server until one of the two is physically powered down!) You need to do a lot of googling with the information that you have (or can discover through investigation) about actual Malware software you have to find out how to clean the malware from your entire system.
November 30, 2024 Community Expert
9 hours ago, hauntology said:
"@JorgeB I did have my media share mapped and open in share settings, since the attack I've set it to secure and yes hidden. I also discovered I’ve had dynamic Unraid Connect on UPnP for remote access and I shut that off too, slowly reinstalling a few files to leave on there for a few days before I start getting it all back. Thank you for your advice"
Neither of those should necessarily have let ransomware in, so you definitely need to look at any client devices.