tmoran000 Posted November 12, 2017
I woke up this morning and noticed that some of my folders were missing. I then logged in to the server and saw 1 drive that was spun down. After spinning it up it didn't fix it, so I rebooted and now everything is gone. All dockers and ALL MY FILES! 24 TB now show gone. All drives show empty. All my dockers are missing and only apps show available. SOMEONE HELP! How can I attempt to recover this!!! HELP
Squid Posted November 12, 2017
Post diagnostics before you reboot.
tmoran000 Posted November 12, 2017
That's the problem. I rebooted already and that's when the issue occurred.
Squid Posted November 12, 2017
NP. Since they're still not there, post your diagnostics.
tmoran000 Posted November 12, 2017
I'm not totally sure how. I went to Tools > Diagnostics and downloaded the zip file. Not sure if that's what you mean. Attached is the zip file: thor-diagnostics-20171112-1124.zip
tmoran000 Posted November 12, 2017 (edited)
It appears my server was hacked, which makes me worried that unRAID is not secured. It was by Barok.
Squid Posted November 12, 2017
Just now, tmoran000 said: "it appears my server was hacked..which makes me worried that unraid is not secured"
They look like attempted logins. But nowhere does unRaid ever say that it is secure enough to be internet facing. Close the ports you're forwarding for ssh and use a VPN instead.
tmoran000 Posted November 12, 2017
But how would they have gotten in if I have a pretty secured password on the ROOT?
testdasi Posted November 12, 2017
6 hours ago, tmoran000 said: "but How would they have gotten in if I have a pretty secured password on the ROOT"
That's like asking how a pro thief gets in if you have a good padlock. Depending on how the data was deleted, it may be recoverable if you know your way around data recovery software.
tmoran000 Posted November 13, 2017
I don't on Linux. I have no idea where to start.
tmoran000 Posted November 13, 2017
Also, I reloaded a new copy of unRAID in case this asshat left anything on the server to compromise it. When I loaded the new version I checked the log and I'm getting this error. Should I be concerned?
tdallen Posted November 13, 2017 (edited)
Yes, you should be concerned. That could mean that the reinstall of unRAID was unsuccessful, or you have a bad USB stick, or the USB stick needs to be taken out and have Error Checking run on it in a Windows machine; it could be file system corruption. Make a backup of your .key file, btw.
tmoran000 Posted November 14, 2017 (edited)
OK, thank you. I don't know what this asshole did other than wipe all my drives clean. I worry he had placed something on my USB that is going to let him back in. I'm building a pfSense firewall now and I am pre-clearing all my drives again. Do you think that is enough? Since he cleared my drives I am at the point of starting over fresh again. His name was Barok and he left a text file that said BAROK WAS HERE and another that said FUCK OFF... what an asshole.
tdallen Posted November 14, 2017
Yes, pre-clearing the drives (including cache) and formatting the USB in another machine should completely clean the machine up. That said, you need to have a firewall up at all times. Are you at least behind a consumer level device (router, firewall, switch) while you are building? If so, make sure you don't have any ports open!
tmoran000 Posted November 26, 2017
I have just finished building a pfSense; I don't want this to happen again. Since I am coming from a Windows server where it ran a software-level firewall, and now unRAID does not have this option, I did not have a firewall up of any kind other than the NAT on the router, which is pretty much useless, and I had the server DMZ'd because I forgot I didn't have the software firewall any more, so I am mostly responsible for this happening. But now pfSense is up right after the ONT and before the router, and only ports that are needed for the server to run are on; everything else is closed. Thanks a lot for the responses!
DZMM Posted November 26, 2017 (edited)
Bummer - hope you can replace most of your data. Locking down ports is the right approach, e.g. I only have 443 (letsencrypt), 444 (VPN) and 32400 (Plex) open inbound. Check out snort on pfSense for extra security.
tmoran000 Posted November 26, 2017
Thanks for the advice.
DZMM Posted November 26, 2017
Check out this thread: https://forums.lime-technology.com/topic/61401-useful-pfsense-links/