November 12, 20178 yr I woke up this morning and noticed that some of my folders were missing. I then logged in to the server and seen 1 drive what was spun down. After spinning it up it didn't fix it so I rebooted and now Everything is gone. All dockers and ALL MY FILES! 24 TB now show gone. All drives show empty All my dockers are missing and only apps show available. ! SOMEONE HELP How can I attempt to recover this!!! HELP
November 12, 20178 yr Author I'm not totally sure how. I went to the tools > Diagnostics and downloaded the zip file. not sure if thats what you mean. attached is the zip file thor-diagnostics-20171112-1124.zip
November 12, 20178 yr Author it appears my server was hacked..which makes me worried that unraid is not secured.. was by Barok Edited November 12, 20178 yr by tmoran000
November 12, 20178 yr Just now, tmoran000 said: it appears my server was hacked..which makes me worried that unpaid is not secured They look like attempted logins. But nowhere does unRaid ever say that it is secure enough to be internet facing. Close the ports you're forwarding for ssh and use a VPN instead
November 12, 20178 yr Author but How would they have gotten in if I have a pretty secured password on the ROOT
November 12, 20178 yr 6 hours ago, tmoran000 said: but How would they have gotten in if I have a pretty secured password on the ROOT That's like asking how a pro thief gets in if you have a good pad lock. Depending on how the data was deleted, it may be recoverable if you know your way around data recovery software.
November 13, 20178 yr Author also I reloaded a new copy of unraid incase this asshat left anything on the server to compromise it. when I loaded the new version I checked the log and I'm getting this error.. should I be concerned.
November 13, 20178 yr Yes, you should be concerned. The could mean that the reinstall of unRAID was unsuccessful, or you have a bad USB stick or the USB stick needs to be taken out and have Error Checking run on it in a Windows machine, could be file system corruption. Make a backup of your .key file, btw. Edited November 13, 20178 yr by tdallen
November 14, 20178 yr Author Ok Thank you. I don't know what this asshole did other then Wipe all my drives clean. I worry he had placed something on my usb that is going to let him back in. Im building a Pfsense firewall now and I am pre clearing all my drives again. Do you think that is enough. Since he cleared my drives I am at the point of starting over fresh again. HIs name was Barok and left a text file that said BAROK WAS HERE and another that said FUCK OFF>.. what a asshole. Edited November 14, 20178 yr by tmoran000
November 14, 20178 yr Yes, pre-clearing the drives (including cache) and formatting the USB in another machine should completely clean the machine up. That said, you need to have a firewall up at all times. Are you at least behind a consumer level device (router, firewall, switch) while you are building? If so, make sure you don't have any ports open!
November 26, 20178 yr Author I have just finishing building a PFSENSE, I don't want this to happen again. since I am coming from a windows server where it ran software level firewall and not unraid does not have this option I did not have a firewall up of any kind other then the NAT on the router which is pretty much useless and I had server DMZ'd because I forgot I didn't have the software firewall any more so I am mostly responsible for this happening. but now. PFSense is up right after the ONT and before the ROUTER and only ports that are needed for server to run on every thing else is closed. Thanks a lot for the responses!
November 26, 20178 yr Bummer - hope you can replace most of your data. Locking down ports is the right approach e.g. I only have 443 (letsencrypt), 444 (VPN) and 32400 (Plex) open inbound. Check out snort on pfsense for more extra security. Edited November 26, 20178 yr by DZMM
November 26, 20178 yr check out this thread https://forums.lime-technology.com/topic/61401-useful-pfsense-links/
Archived
This topic is now archived and is closed to further replies.