outatouch0 Posted July 26, 2015

From the 'readme' I appear to be running 5.0.4. Everything has been absolutely fine from the beginning, and obviously, by the old version I am running, I have not had to mess with it.

Just this past week or two I have had XBMC stop during playback and report it cannot access the file(s). At first I thought it was a router issue because I was using a wireless HTPC when it was happening. Resetting the router etc.... Happens on my wired HTPCs too. On my main computer, where the shares are listed as drive letters, they were X'ed out with a big red X. I see this when I reboot Win7 but clicking on them clears the X... Not this time. It has required a reboot of unRAID.

Oddly enough, I am able to do this from my browser interface. I can spin down disks, spin them up (I can hear them). I even did a syslog. Everything appears to be working except I cannot access the shares from my computers.

It seemed like the reboot was hanging or not working right, so I threw a monitor on it and noticed some things during bootup. So I took a video so I could report it:

    uget: unable to resolve host address 'slackware.org.uk'

hangs 10 seconds, then

    gzip:stdin: unexpected end of file

hangs almost a full minute before finishing boot.

At top it says

    chmod: cannot access 'var/log/utnp' : no suce file or directory
    Package utempter-1.1.4-i496-1.tgz installed.

At the bottom it says

    Welcome to Linux 3.9.11p-unRAID (ttyl)
    tower Login:

So it just went two days without reoccurrence until last night, when it did it while no one was watching anything on the HTPCs. I noticed the red X's in an explorer window while working on other stuff on my main PC. So I captured a syslog before rebooting this time. Rebooted the server via the interface and went to bed.

This morning the server failed to boot. I have no idea how to get any kind of syslog from this event but I did note a few things. Tried to reboot via power switch and same thing happens.

    ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20130117/hwxface-568)
    ACPI (suppors S0 S3 S5)
    ACPI: Using IOAPIC for interrupt routing
    ...
    PCI: Using MMCONFIG for exended config space
    PIC: Using host brigde windows from ACPI; if necessary, use "pci=nocrs" and report a bug
    ...
    pci 0000:00:04.0: System wakeup disabled by ACPI
    pci 0000:00:10.0: System wakeup disabled by ACPI
    pci 0000:00:10.1: System wakeup disabled by ACPI

System info below.

Flash Drive for unRAID operating system: SanDisk Cruzer Fit 4 GB USB Flash Drive SDCZ33-004G-B35
MB: GIGABYTE GA-F2A85XM-D3H FM2 AMD A85X (Hudson D4) HDMI SATA 6Gb/s USB 3.0 Micro ATX AMD Motherboard PCI Express 2.0 x16 2 (x16, x4) SATA 6Gb/s 8 x SATA 6Gb/s
CPU: AMD A4-5300 Trinity 3.4GHz (3.6GHz Turbo) Socket FM2 65W Dual-Core Desktop APU (CPU + GPU) with DirectX 11 Graphic AMD Radeon HD 7480D AD5300OKHJBOX
RAM: G.SKILL Ripjaws X Series 4GB (2 x 2GB) 240-Pin DDR3 SDRAM DDR3 1866 (PC3 14900) Desktop Memory Model F3-14900CL9D-4GBXM
Parity: WD4001FAEX-00MJRA0
Disk 1: WD30EFRX-68AX9N0
Disk 2: WD2002FAEX-007BA0
Disk 3: WD2002FAEX-007BA0
Disk 4: WD2002FAEX-007BA0
Disk 5: WD40EFRX-68WT0N0
(no cache drive)

Last parity check was June 02 2015, 0 errors.

Attachment: syslog.2015.07.26_can_not_access_shares.txt.zip

outatouch0 Posted July 27, 2015

PS, it booted in safe mode but I am not sure what that means. Can I still use it for now? From the little bit I found on it... It boots unRAID only without any add-ons/plug-ins, correct?

trurl Posted July 27, 2015

Not clear from your description. Do you have one or more drives redballed? Post a screenshot of the Main page.

Your syslog shows some suspicious IP addresses trying to connect. Are you being hacked?

outatouch0 Posted July 27, 2015

Thanks for the reply. Which part of my description was not clear? No red dots on the drives or anything obvious to alert me to what the problem might be. I am guessing it might be with an add-on since it works in safe mode. However, since it has worked fine for so long without messing with the software... I do wonder if it is a hardware issue.

outatouch0 Posted July 27, 2015

Oh yeah, can you point out the relevant section of the syslog with the suspicious connection attempts?

Second, I rebooted to run memtest and I guess I was not fast enough; my 3yr old unplugged the keyboard... unRAID just booted up in regular mode.

trurl Posted July 27, 2015

> Oh yeah, can you point out the relevant section of the syslog with the suspicious connection attempts?
>
> Second, I rebooted to run memtest and I guess I was not fast enough; my 3yr old unplugged the keyboard... unRAID just booted up in regular mode.

Most of your syslog, starting with

    Jul 24 12:20:39 0Kcorral in.telnetd[3934]: connect from 60.3.32.64 (60.3.32.64)

and continuing until the end

    Jul 26 01:21:17 0Kcorral login[4792]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '78-82-169-146.tn.glocalnet.net'

looks very suspicious. Some of these lines even suggest successful login to the ROOT account of your server. Have you tried to make it accessible from the internet for some reason?

outatouch0 Posted July 28, 2015

Who knows WHAT I might have thought was a good idea back then. I might have made it internet accessible. Sounds like I need to upgrade to version 6.x but do it in a clean install that preserves my array (i.e. I keep my data intact)? (As if I was upgrading from a version 4.x?)

Ran memtest overnight and it passed. From this I found an interesting tidbit... I can start unRAID from a shutdown/power off state but any type of reboot fails to boot. Based on what I see on the screen (reported in orig. post) it seems to think it is coming out of an unsupported sleep state? IDK, this is a bit over my head.

trurl Posted July 28, 2015

> Who knows WHAT I might have thought was a good idea back then. I might have made it internet accessible. Sounds like I need to upgrade to version 6.x but do it in a clean install that preserves my array (i.e. I keep my data intact)? (As if I was upgrading from a version 4.x?)
>
> Ran memtest overnight and it passed. From this I found an interesting tidbit... I can start unRAID from a shutdown/power off state but any type of reboot fails to boot. Based on what I see on the screen (reported in orig. post) it seems to think it is coming out of an unsupported sleep state? IDK, this is a bit over my head.

The first thing you should do is secure your local network. How is the server connected to the internet?

outatouch0 Posted July 28, 2015

Agreed. It's connected through a router. I didn't have any passwords on the unRAID though. All of my Windows PCs have firewalls on them. I thought the router was enough (hardware firewall). Really didn't think about the unRAID box needing a firewall - and don't know how because when it comes to Linux I am pretty much a cripple. What do you suggest?

Also, just want to thank you again for taking your time to help me out.

trurl Posted July 28, 2015

> Agreed. It's connected through a router. I didn't have any passwords on the unRAID though. All of my Windows PCs have firewalls on them. I thought the router was enough (hardware firewall). Really didn't think about the unRAID box needing a firewall - and don't know how because when it comes to Linux I am pretty much a cripple. What do you suggest?
>
> Also, just want to thank you again for taking your time to help me out.

Your router should be the firewall for your whole network. What is it and how is it configured? Most routers are configured correctly by default and you have to take some trouble to configure it to allow incoming traffic. It shouldn't be allowing telnet from random IP addresses.

Squid Posted July 28, 2015

My kid at one point had his IP address assigned on his router to be a DMZ because he didn't want to take the time to open up a port for a specific game. You can guess what happened next...

outatouch0 Posted July 28, 2015

Just double checked my router settings; all are as I left them, with the usual recommended securest settings. Sorry, my post probably sounded like I did not know how to configure a router. That telnet from an IP in Sweden (probably a VPN) baffles me. I looked through the unRAID settings and didn't see anything allowing remote access, unless I did it in unMenu?

From reading the syslog, do you think the router was penetrated (which is what I think you are saying) or was it that I have some setting in unRAID allowing remote access? Both?

Going to have a look at unMenu next. Everything takes forever now with a 3yr old and a newborn in the house.

outatouch0 Posted July 29, 2015

Didn't see anything in unMenu as far as installed packages goes, but I did notice the last 6 lines of the syslog. Also, unMenu showed that SMB had stopped, thus disks would be inaccessible, whereas the GUI did not.

System Log (last 6 lines)
Legend => Errors | Minor Issues | Lime Tech | unRAID engine | System | Drive related | Network | Logins | Misc | Other emhttp

    Jul 28 12:22:19 0Kcorral in.telnetd[5042]: connect from 121.236.106.111 (121.236.106.111)
    Jul 28 12:22:21 0Kcorral telnetd[5042]: ttloop: peer died: EOF
    Jul 28 12:22:31 0Kcorral in.telnetd[5043]: connect from 119.32.53.157 (119.32.53.157)
    Jul 28 12:22:31 0Kcorral telnetd[5043]: ttloop: peer died: EOF
    Jul 28 12:27:58 0Kcorral in.telnetd[5044]: connect from 119.32.53.157 (119.32.53.157)
    Jul 28 12:28:00 0Kcorral telnetd[5044]: ttloop: peer died: EOF
    Jul 28 12:22:31 0Kcorral telnetd[5043]: ttloop: peer died: EOF
    Jul 28 12:27:58 0Kcorral in.telnetd[5044]: connect from 119.32.53.157 (119.32.53.157)
    Jul 28 12:28:00 0Kcorral telnetd[5044]: ttloop: peer died: EOF
    Jul 28 12:47:48 0Kcorral in.telnetd[5287]: connect from 188.154.107.218 (188.154.107.218)
    Jul 28 12:51:04 0Kcorral kernel: NTFS driver 2.1.30 [Flags: R/W MODULE].
    Jul 28 12:51:36 0Kcorral unmenu[3094]: which: no bwm-ng in (/bin:/sbin:/usr/bin:/usr/sbin)

I cannot understand how these connections could be happening unless they are coming from (being allowed by) unRAID. Anything is possible but it does not SEEM likely to be due to my router being penetrated.

Anyone have thoughts on this? I will buy a new router today if I need to but...
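
Added example, not part of any poster's message: one way to pull the telnet connects and failed logins discussed in this thread out of a syslog and separate LAN sources from everything else. The function names, the `LOCAL_NETS` list and the sample lines (hostname `tower`, documentation-range addresses, `host.example.net`) are assumptions constructed for illustration; only the line formats follow the syslog excerpts quoted above.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918, loopback and link-local: the only sources a LAN-only server should see.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# e.g. "in.telnetd[5042]: connect from 203.0.113.7 (203.0.113.7)"
CONNECT_RE = re.compile(r"in\.telnetd\[\d+\]: connect from (?P<src>\S+)")
# e.g. "login[4792]: invalid password for 'UNKNOWN' on '/dev/pts/0' from 'host'"
BADPW_RE = re.compile(
    r"login\[\d+\]: invalid password for '[^']*'.* from '(?P<src>[^']+)'")


def is_local(src):
    """True only when src is an IP literal inside one of LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # a hostname: treat as external until checked by hand
    return any(ip in net for net in LOCAL_NETS)


def external_telnet_activity(lines):
    """Return (connects, failed_logins) Counters keyed by non-local source."""
    connects, failures = Counter(), Counter()
    for line in lines:
        for pattern, bucket in ((CONNECT_RE, connects), (BADPW_RE, failures)):
            m = pattern.search(line)
            if m and not is_local(m.group("src")):
                bucket[m.group("src")] += 1
    return connects, failures


# Constructed sample in the format of the lines quoted in this thread.
SAMPLE = """\
Jul 28 12:22:19 tower in.telnetd[5042]: connect from 203.0.113.7 (203.0.113.7)
Jul 28 12:22:21 tower telnetd[5042]: ttloop: peer died: EOF
Jul 28 12:22:31 tower in.telnetd[5043]: connect from 198.51.100.23 (198.51.100.23)
Jul 28 12:27:58 tower in.telnetd[5044]: connect from 198.51.100.23 (198.51.100.23)
Jul 28 12:30:02 tower in.telnetd[5050]: connect from 192.168.1.20 (192.168.1.20)
Jul 28 12:31:17 tower login[4792]: invalid password for 'UNKNOWN' on '/dev/pts/0' from 'host.example.net'
""".splitlines()

if __name__ == "__main__":
    connects, failures = external_telnet_activity(SAMPLE)
    for src, n in connects.most_common():
        print(f"telnet connect from non-local source {src}: {n}")
    for src, n in failures.items():
        print(f"failed login from {src}: {n}")
```

Any non-local source in the output means inbound telnet is reaching the server through the router, which is the condition the replies in this thread are trying to track down.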

dgaschk Posted July 30, 2015

Is there more than one router? The router is between the Internet and your server. Any traffic reaching the server from the Internet is passing through the router. There is no way the server is allowing Internet sourced traffic on your LAN. The router is allowing hackers to access your unsecured server. Reset the router to its default setting using the hardware reset and then change the passwords.

JonathanM Posted July 30, 2015

Another possibility is a VPN plugin with an internet accessible endpoint. I haven't looked at the syslog to see if one is being loaded.

Archived
This topic is now archived and is closed to further replies.