November 14, 2012
Just did another hunt for open unraid servers on the internet :-) I get a demonic pleasure in setting their disk name to something like "change your setup, everyone can get at your data". Hard to imagine that people do this..
November 14, 2012
Just out of curiosity, what would cause an unraid server to be openly visible on the net? I've got a pretty basic setup, v5 beta 8 with unmenu and simple features but I'm kinda concerned that some servers are accessible. Can you give me some tips on what to avoid in order to keep my server private? My server is connected to my modem router so it has the potential to access the net.
November 14, 2012
> Just out of curiosity, what would cause an unraid server to be openly visible on the net? I've got a pretty basic setup, v5 beta 8 with unmenu and simple features but I'm kinda concerned that some servers are accessible. Can you give me some tips on what to avoid in order to keep my server private? My server is connected to my modem router so it has the potential to access the net.

It is perfectly fine, and in 99% of the cases expected that unRAID should access the internet. It needs to if you want it to automatically set the system time. It needs to if you are expecting to use it for add-ons that download content. In other words, it is OK for it to call out to the web.

However, it is NOT OK for anyone on the web to access your server or the files on it. That occurs when you open up access on your ROUTER to the unRAID server. You would need to put the unRAID server in the DMZ zone on most routers for this to occur.

Joe L.
November 15, 2012
Thanks for the reply. Seeing as though I have no idea what the "DMZ Zone" is I will safely assume I haven't. I'll be checking when I get home though.
November 15, 2012
OK, if it's not safe to say how you find them in the forum can someone please PM me so I can check if I can see mine? Just to ease my paranoia
November 15, 2012
> OK, if it's not safe to say how you find them in the forum can someone please PM me so I can check if I can see mine? Just to ease my paranoia

Put me on the me too list.
November 15, 2012 Author
This "hunt" thing got out of hand :-) I'll tell it like it is:

If you just install your unraid box and do not do anything specific on your router then your unraid system sits safely within your own intranet, it can access the internet but a request FROM the internet cannot reach it.

Now... Let's say you did not know what you were doing and you figured that it might be nice to check up on your drive status from work. Then you could very easily tell your internet router that any traffic from the internet towards port 80 (www) needs to get routed to your unraid system. That way you could access your system from anywhere. HOWEVER... This means that EVERYONE can do this... There is a userid/password but that is absolutely not strong enough to be used in such an environment. Unraid is absolutely not BUILT to be used in such a fashion, that also is not a shortcoming, it is meant to be that way.

Now you can do worse.... A router will allow you to place a system (your pc, or your unraid box) into a so called "DMZ", what that means basically is that any internet request the router receives gets routed to your unraid system, not only www traffic, but also telnet, ftp, your plugins, everything...

Now you might not be aware of this but your internet connection is probed several thousand times a day by all those nice people out there who want to see if they can get into your home.. Both actions described above are a bit like running naked in a darkroom with a bullseye on your ass... Lots of luck..

The best thing you can do security wise is just NOT have the option to access your unraid box from the internet, if you do need to do that then invest your time in implementing a VPN like solution. That is not really easy and you need to know what you are doing or you are in bullseye mode again.

Now for the hunting part... Google scans the internet right? So if an unraid box is open to the internet it will get scanned by google.. Just google something specific to an unraid box and see what happens. Be nice though, help these people in realising what they are doing. Personally I have changed their system name to something like "CHANGE YOUR SETUP YOU ARE OPEN TO THE INTERNET" or something like that...
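For readers who asked how to verify their own server: an added example, not part of any post in this thread, that tests whether the services named above (www on port 80, telnet, ftp) answer on your own public address and tells a single forward apart from a DMZ-style exposure. The port list and the classification labels are assumptions of this sketch. Run it from a connection outside your LAN, such as a phone hotspot, since many routers do not loop traffic back to their own WAN address.

```python
import socket
import sys

# Ports for the services the post names (assumed defaults: ftp, telnet, www).
SERVICES = {21: "ftp", 23: "telnet", 80: "web GUI"}


def reachable_ports(host, ports, timeout=2.0):
    """Return the ports on host that complete a TCP handshake."""
    found = []
    for port in sorted(ports):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            pass  # refused, filtered or timed out: not reachable
    return found


def classify(found):
    """Map the result onto the situations described in the thread (heuristic)."""
    if not found:
        return "not reachable"
    if len(found) == 1:
        return "single port forward"
    return "DMZ or several forwards"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_exposure.py <your public IP or DDNS name>")
    host = sys.argv[1]
    found = reachable_ports(host, SERVICES)
    for port in found:
        print(f"{host}:{port} ({SERVICES[port]}) answers from outside")
    print("result:", classify(found))
```

A "not reachable" result only covers the three listed ports; plugin ports forwarded by hand or by UPnP have to be added to `SERVICES` to be checked.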
November 15, 2012
Just be aware that even making these small changes with the best of intentions is enough to have you charged with "hacking" in more than one state. It's a long story but I once had a chat with some folks who were lawyers about this ;-)
November 17, 2012
Ok, thanks Joe and Helmonder for making this clear. Now I feel confident that mine's not visible outside my network. Cheers
November 17, 2012
Are there any issues in opening up a port for Plex? That is the only open port I have directed to my Unraid box.
November 17, 2012 Author
Security will then be dependent on the level of security that Plex gives, and I would not know..
November 17, 2012
Plex seems to open a port automatically if your router supports UPnP. The port appears to randomize and if you try to access it directly you receive an error 401. I can't recall if it identifies what you're accessing or not and I don't know what Plex uses for a server. I'd be a little careful with Plex, I'm running it myself currently. I may poke at it a bit when I have time and check out the various vuln databases....
November 20, 2012
I've wanted to set up access to sickbeard, SAB and couchpotato so I can access them from my phone remotely but this is exactly my fear and why I haven't. Is there any sort of plug and play VPN that makes this simpler?
November 20, 2012 Author
The way I did is set up a second router using ddwrt firmware. Works like a charm and provided you have an old compatible router lying around, does not cost anything and is not really THAT hard to setup... Bonus is that the external access will then work for everything you setup on your system.
November 20, 2012
> I've wanted to set up access to sickbeard, SAB and couchpotato so I can access them from my phone remotely but this is exactly my fear and why I haven't. Is there any sort of plug and play VPN that makes this simpler?

No.
November 21, 2012
Logmein has a free portion to their remote software and you can use tri-authentication with encryption if you want. Can't get much more paranoid than that. All these crazy things people are doing with their ports, DMZ's and router PNP stuff is crazy! Years back complete desktop remote software was just ok, since speeds weren't fast all over and all that. Now that speeds are decent pretty much all over, dial-up is no longer at all anymore, complete remote desktop is instant right in your face. I remember the old days waiting for Procomm Plus terminal software to display my remote computer desktop and it would take 5 minutes just to display the desktop.
November 21, 2012 Author
Reason I have chosen a vpn solution opposite a steppingstone like logmein is that I do not want my pc running at all times to make this possible. Also I control my unraid system with my iphone to a large extent, thanks to the vpn solution all my apps work on and off site in the same way. So I would not call myself crazy. Thanks
November 21, 2012
> Reason I have chosen a vpn solution opposite a steppingstone like logmein is that I do not want my pc running at all times to make this possible. Also I control my unraid system with my iphone to a large extent, thanks to the vpn solution all my apps work on and off site in the same way. So I would not call myself crazy. Thanks

LogMeIn Hamachi does not need any other machine running on the network. Hamachi is installed on the unRAID server. It is not the same as the conventional remote desktop version of Logmein or similar tools like Teamviewer, etc.
November 21, 2012
> > ... I do not want my pc running at all times ...
>
> LogMeIn Hamachi does not need any other machine running on the network. Hamachi is installed on the unRAID server. It is not the same as the conventional remote desktop version of Logmein or similar tools like Teamviewer, etc.

You can even remote into unRAID with Hamachi and send the "magic packet" to wake your desktop if you need to remote into it.
November 21, 2012
> You can even remote into unRAID with Hamachi and send the "magic packet" to wake your desktop if you need to remote into it.

Are you sure? I know it is possible with LogMeIn but also Hamachi? How?
November 21, 2012
> > You can even remote into unRAID with Hamachi and send the "magic packet" to wake your desktop if you need to remote into it.
>
> Are you sure? I know it is possible with LogMeIn but also Hamachi? How?

Since you have a console login to unraid via hamachi, I would assume he means that you issue the command there using whatever slack package will send a WOL packet at the unraid command line.
November 21, 2012
> ... you issue the command there using whatever slack package will send a WOL packet at the unraid command line.

That's right.
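What the "magic packet" discussed above consists of, as an added example that is not from any poster in this thread: six 0xFF bytes followed by the target MAC address repeated 16 times, sent as a UDP broadcast on the LAN. The sample MAC, the broadcast address and port 9 are assumptions; the packet carries no authentication and does not cross the router, which is why it is sent from a machine already inside the network.

```python
import socket


def magic_packet(mac):
    """Build the 102-byte Wake-on-LAN payload for a MAC like 00:11:22:33:44:55."""
    hexmac = mac.replace(":", "").replace("-", "")
    try:
        raw = bytes.fromhex(hexmac)
    except ValueError:
        raise ValueError(f"not a MAC address: {mac!r}") from None
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    # Synchronisation stream, then the target address 16 times.
    return b"\xff" * 6 + raw * 16


def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet on the local network; returns bytes sent."""
    packet = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # Constructed sample MAC; replace with the desktop's own address.
    sent = send_wol("00:11:22:33:44:55")
    print(f"sent {sent} bytes")
```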
November 21, 2012 Author
Oh yeah.... All that is wayyyyy easier than my vpn box ;-) Guys, to each its own, I think my solution suits me best, I do not like to be called crazy though
November 21, 2012
> Oh yeah.... All that is wayyyyy easier than my vpn box ;-) Guys, to each its own, I think my solution suits me best, I do not like to be called crazy though

Actually I'd rather do it your way and I may try to figure it out if I get some time to tinker with the network when others aren't using it.