April 10, 201214 yr Hey Everyone, I just recently made the jump to 5.0b14 and I have been really happy so far. However, I noticed this morning that someone seems to be trying to remotely log into my machine. I am a little disturbed by this and I am looking for some advice on what I should be doing to make sure that my machine isn't compromised. I already have a pretty good password but I would really appreciate any advice that anyone has to give. From my Syslog: http://pastebin.com/rJfsTHSZ http://pastebin.com/Ea6knv0B Thanks, Will
April 10, 201214 yr There is only one good piece of advice.... Get your system of the internet... Unraid is in its basics not meant to be exposed to the outside world and its security is not strong enough to withstand hacker attacks. If you need it to be accessable from outside set up some kind of VPN tunnel to encapsulate the traffic to and from the unraid system.. An unraid box directly accessable from the net is like walking among walkers with a bleeding hand (am watching The Walking Dead at the moment ;-)
April 10, 201214 yr I use SSH keyfile based authentication to my router, and create a tunnel from there (also with SSH) to access my unRAID box. My router accepts SSH on a non-default port, and the keyfile I use is password protected. I feel pretty safe with this setup.
April 11, 201214 yr I concur with Helmonder - get it off the internet. A secure password is not enough IMO. When I think I'll need to be accessing mine from the outside I temporarily open the firewall in my router to allow the narrowest access required.
April 11, 201214 yr Author Okay guys thanks for the advice but I am not sure I understand why these services such as telnet and sftp are now showing up to the outside world. Did something change from 4.7 to 5.0? Or have I just been oblivious to these 'attacks' until now? How exactly do I go about getting it off the internet? Thanks, Will
April 11, 201214 yr Author I don't remember changing anything on my router but I will have to check to make sure. Thanks for the advice. -Will
April 11, 201214 yr I don't remember changing anything on my router but I will have to check to make sure. Thanks for the advice. -Will If you have a wireless router, make sure that you have the security turned on and a secure password applied. If you haven't previously done that, you have probably already been compromised and most likely all of your computers and data have been hacked.
April 11, 201214 yr Also look into uPnP on your router. If you are not familiar with it and how to use it safely (not always easy to do), then it should be turned off. Short story: it is a way for somtehing inside your network to tell the router to open a port so the outside can come in and have a two-way conversation. It is how I allow uTorrent on my wintel box to to use a random port every session without having to manually map the port everytime. But it is also how a hacker on one machine can open a port to your entire network. EVen without a hacked machine, if you have a service running that you didn't know about that isn't secure (like ftp) it is also a good way to have open ports you didn't even know about. FWIW, with some work and knowledge it is possible to improve your unRaid security by shutting down unneeded services, but it still takes time and reasearch. I shut them all down even though I don't have my machine facing the internet for exactly the situation you are having; I want to avoid accidents / security in depth in case someone gets past my firewall.
April 16, 201214 yr Author Hi Guys, I have attached a picture of the problem. I recently moved and when I was setting up my network at my new place I somehow managed to put the internal address of my unraid box in this setup window. Now that the window is empty, like the picture that I have attached, all is well again. I'm guessing that on an Airport Extreme this is similar to putting a device in a DMZ. Well you live and you learn. I am just glad that I noticed what was going on before someone gained access to my box and had some 'fun'. Thanks again for helping me pull my head out of my ... Thanks, Will
April 19, 201214 yr yup, port mapping is bad if you don't actually intend to use it for a secured machine.
Archived
This topic is now archived and is closed to further replies.