Zero Posted November 8, 2017 Share Posted November 8, 2017 Long story short, wanted to open port 80 for another machine and accidently entered my unRAID ip (it was a long day). So my unRAID box was open to the internet without any verification (was a fresh install and just set it up) for about 10~ hours, any tips for damage control and seeing if anyone messed with my server? I would be open to a fresh install but I'd like to keep my dockers + files on my disk Quote Link to comment
unevent Posted November 8, 2017 Share Posted November 8, 2017 Check syslog for any activity not generated by you. If you intend to open common ports like http temporarily in the future, port forward from some obscure irrelevant port that is way out there so no one or the typical port scan won't ping it and discover it easily. Quote Link to comment
Zero Posted November 8, 2017 Author Share Posted November 8, 2017 3 minutes ago, unevent said: Check syslog for any activity not generated by you. If you intend to open common ports like http temporarily in the future, port forward from some obscure irrelevant port that is way out there so no one or the typical port scan won't ping it and discover it easily. Yeah that is a good idea, a mistake to be learned from Quote Link to comment
Zero Posted November 8, 2017 Author Share Posted November 8, 2017 Just digged through the syslog a bit, seems like nobody SSHD into it, can't find anything weird in the logs either. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.