jeffreywhunter Posted June 26, 2015 Share Posted June 26, 2015 How can you setup your system to have access remotely (i.e. port forwarding) without it getting hacked by the Chinese? I'd like to share my Plex server with a couple of friends, but the moment I opened up port forwarding, I was getting hacked... Link to comment
jonp Posted June 26, 2015 Share Posted June 26, 2015 What port(s) did you open? Just 32400? How did you know you were "getting hacked"? Link to comment
gubbgnutten Posted June 26, 2015 Share Posted June 26, 2015 ...and for clarity please include what you mean by "getting hacked" in your answer to jonp's question. If a service is insecure it simply shouldn't be exposed to the Internet. Depending on the situation, I might possibly share such a service with select friends using OpenVPN or SSH tunnels. If I had a (supposedly) secure service exposed to the Internet and got lots of malicious access attempts from Chinese IP ranges, I would have my firewall block all known Chinese IP ranges from accessing the service as I don't expect any connections from China. Blocking those IP ranges wouldn't actually improve security that much, of course, but it wouldn't make it any less secure and my logs would probably get slightly less cluttered. Win. Link to comment
jeffreywhunter Posted June 26, 2015 Author Share Posted June 26, 2015 Sorry, I used the term 'hacking' too loosely. I had port-forwarding open for a couple of days. I happened to have my log open watching some other things going on when suddenly I could not open another telnet session. But the webgui worked fine. So I opened the log to see if anything was going on and there I noticed a connection from an unfamiliar ip address. Did a whois ip and saw it was from hong kong. So I promptly shut down port forwarding. Then I could telnet in easily. So assumed someone from China was 'exploring' my box. I'm only aware of Port Forwarding and Upnp for remote access to my system or using a VPN. I looked at OpenVPN, but it took me to another site called privatetunnel.com. Not sure why. So what you're saying is that you build a secure tunnel and give access to the tunnel. So they login to the VPN, then login to the resources (server, ftp, plex, etc)? Which also means they need to have the VPN client software as well? Link to comment
reluctantflux Posted June 26, 2015 Share Posted June 26, 2015 Jeffrey, Can you give a bit more information on what your end goal is? Do NOT open up ports to Unraid on your router. 1) What services are your trying to allow access to externally? 2) What model router do you have? ETA: Too early, not enough coffee. I see you mentioned Plex. What ports did you forward? What log did you open to find the other connection? Plex log, unraid log? Most secure would be a VPN tunnel to your router. But with Plex or Emby, that shouldn't be necessary. Link to comment
gundamguy Posted June 26, 2015 Share Posted June 26, 2015 I had port-forwarding open for a couple of days. I happened to have my log open watching some other things going on when suddenly I could not open another telnet session. But the webgui worked fine. So I opened the log to see if anything was going on and there I noticed a connection from an unfamiliar ip address. Did a whois ip and saw it was from hong kong. So I promptly shut down port forwarding. We need a bit more info, what ports were you fowarding? I'm only aware of Port Forwarding and Upnp for remote access to my system or using a VPN. I looked at OpenVPN, but it took me to another site called privatetunnel.com. Not sure why. Private Tunnel is a service that the OpenVPN people are trying to sell. But yeah the OpenVPN website isn't easy to navigate. I think what your looking for is this... So what you're saying is that you build a secure tunnel and give access to the tunnel. So they login to the VPN, then login to the resources (server, ftp, plex, etc)? Which also means they need to have the VPN client software as well? Yes if you go the VPN route then they will need Client Software. That said I'm not sure you need to go the VPN route if all your are planning to share is Plex / Emby... which is why we need to understand a bit more exactly what ports you forwarded / what rules you used. Based on what you said it sounds like you shared too many ports, including the port for telnet. Link to comment
jeffreywhunter Posted June 27, 2015 Author Share Posted June 27, 2015 2 Use cases: 1) I want to be able to manage the entire server remotely. I'm considering building and selling unRaid media servers and offering remote management services. So I need the necessary ports i.e. 80 for the Unraid webgui, 8080 for unmenu, 23 for telnet, 21 for FTP, etc. 2) Ability to offer remote access with various apps that could reside on the server and be shared. Most typical is Plex (32400), which works great, if you open up upnp (I've heard problems with that too). So as I'm just exploring this, I'm not sure exactly what ports would actually be required. So researching options. As to how I discovered it. Pure luck. I had been experimenting with opening ports for a day or so and currently had 80, 23 and 21 open testing some apps (JuiceSSH from Android, Mobaxterm to telnet in through the external IP, filezilla trying to FTP, etc). I was actively using telnet locally (192.168 stuff) and been in and out of the server all day. All of a sudden my telnet client (mobaxterm - which works great by the way) just stopped working. Webgui and shares were working fine (actively moving files, etc). So I pulled up the log from the webgui and the latest entry showed a terminal access from an unfamiliar IP address. Did a whoisip and saw it was from Hong Kong. I promptly turned off the port forwarding and instantly I could telnet locally. So now I'm pondering why there is evil in the world and looking for a more secure way to be able to access the resources of a server remotely. I have considered setting up a VPN and all that, but it gets complicated...and there's a cost. Link to comment
aptalca Posted June 27, 2015 Share Posted June 27, 2015 2 Use cases: 1) I want to be able to manage the entire server remotely. I'm considering building and selling unRaid media servers and offering remote management services. So I need the necessary ports i.e. 80 for the Unraid webgui, 8080 for unmenu, 23 for telnet, 21 for FTP, etc. . . . So now I'm pondering why there is evil in the world and looking for a more secure way to be able to access the resources of a server remotely. I have considered setting up a VPN and all that, but it gets complicated...and there's a cost. What you're looking for is the openvpn server docker container. Install it from the community repositories. With a free license, you get two concurrent users connected. They have client apps for every platform you can think of, and you can download the client profiles from the docker container's web server on each device Link to comment
dgaschk Posted June 27, 2015 Share Posted June 27, 2015 The built-in VPN clients in most mobile or laptops can connect to a variety of standard VPN servers. Link to comment
jeffreywhunter Posted June 27, 2015 Author Share Posted June 27, 2015 @aptalca - good news. Sorry to be the 'noob', but which community libraries are you referring to? I've got Lime-tech, Needo, Gfjardim and Eroz in my templates, but I don't see a VPN docker. Link to comment
Helmonder Posted June 27, 2015 Share Posted June 27, 2015 2 Use cases: 1) I want to be able to manage the entire server remotely. I'm considering building and selling unRaid media servers and offering remote management services. So I need the necessary ports i.e. 80 for the Unraid webgui, 8080 for unmenu, 23 for telnet, 21 for FTP, etc. 2) Ability to offer remote access with various apps that could reside on the server and be shared. Most typical is Plex (32400), which works great, if you open up upnp (I've heard problems with that too). So as I'm just exploring this, I'm not sure exactly what ports would actually be required. So researching options. As to how I discovered it. Pure luck. I had been experimenting with opening ports for a day or so and currently had 80, 23 and 21 open testing some apps (JuiceSSH from Android, Mobaxterm to telnet in through the external IP, filezilla trying to FTP, etc). I was actively using telnet locally (192.168 stuff) and been in and out of the server all day. All of a sudden my telnet client (mobaxterm - which works great by the way) just stopped working. Webgui and shares were working fine (actively moving files, etc). So I pulled up the log from the webgui and the latest entry showed a terminal access from an unfamiliar IP address. Did a whoisip and saw it was from Hong Kong. I promptly turned off the port forwarding and instantly I could telnet locally. So now I'm pondering why there is evil in the world and looking for a more secure way to be able to access the resources of a server remotely. I have considered setting up a VPN and all that, but it gets complicated...and there's a cost. Opening up port 80, 21 or other standard ports like that is asking for trouble really.. The activity you saw on your ports where most probably portscans, thousends of them are beinig executed all the time in an effort to find systems that have open ports for regular services like http or telnet.. If you want a safe connection then the best way to do that and keep full flexibilty is set up a VPN tunnel, install a VPN server in the network you want to go in to manage, setup a client on your side, make sure you are using l2tp/ipsec (pptp is not secure but allready a lot better then forwarding ports) or openvpn certificates.. That way you " dial in" to the network and all is like it would be your own network after that. You would need to find the best way to setup that vpn server, there are a lot of linux alternatives out there, since you are looking to do this commercially I am guessing you will take the time to find the best one for you. Link to comment
aptalca Posted June 27, 2015 Share Posted June 27, 2015 @aptalca - good news. Sorry to be the 'noob', but which community libraries are you referring to? I've got Lime-tech, Needo, Gfjardim and Eroz in my templates, but I don't see a VPN docker. http://lime-technology.com/forum/index.php?topic=40262.0 Install this plugin and you'll see all the docker containers created specifically for unraid under your docker tab. You can install them from there as well Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.