November 8, 20178 yr Long story short, wanted to open port 80 for another machine and accidently entered my unRAID ip (it was a long day). So my unRAID box was open to the internet without any verification (was a fresh install and just set it up) for about 10~ hours, any tips for damage control and seeing if anyone messed with my server? I would be open to a fresh install but I'd like to keep my dockers + files on my disk
November 8, 20178 yr Check syslog for any activity not generated by you. If you intend to open common ports like http temporarily in the future, port forward from some obscure irrelevant port that is way out there so no one or the typical port scan won't ping it and discover it easily.
November 8, 20178 yr Author 3 minutes ago, unevent said: Check syslog for any activity not generated by you. If you intend to open common ports like http temporarily in the future, port forward from some obscure irrelevant port that is way out there so no one or the typical port scan won't ping it and discover it easily. Yeah that is a good idea, a mistake to be learned from
November 8, 20178 yr Author Just digged through the syslog a bit, seems like nobody SSHD into it, can't find anything weird in the logs either.
Archived
This topic is now archived and is closed to further replies.