orkid1989 Posted August 5, 2018 Share Posted August 5, 2018 been using unraid for a few days a setup 2 vm's for gaming servers. unfortunately i believe that somehow someone has hacked into the server and im not sure how they did it or what i can do to get them off. i increased the routers security and made sure the windows security was on but this morning i checked the servers and both show changes and accessing websites that i have never been to on the vm's. such as ip-score.com gmail and logging into my router. luckily it appears that they could not get into my router and doesn't appear to have been able to access my network or gaming computer. at the moment the server doesn't have any potentially valuable information but was planning on backing up my gaming computer to it which could. not sure what to do and need help. Quote Link to comment
orkid1989 Posted August 5, 2018 Author Share Posted August 5, 2018 update: did more looking and they did get access to my router somehow and i think they changed the server to dmz so they could access it. luckily i guess they didn't see my gaming rig and it has eset security on it so hope its relatively safe Quote Link to comment
pwm Posted August 5, 2018 Share Posted August 5, 2018 First step of course to figure out what route they took. Attacking the router from the outside? Or did you forward ports in the router so they could directly attack machines on the inside and from machines on the inside attack the router and other equipment? Or does one of your machines contain a trojan that opens a reverse tunnel that they could use to attack other equipment? Quote Link to comment
orkid1989 Posted August 5, 2018 Author Share Posted August 5, 2018 im not sure which or how to diagnose that. i know on my router log it has alot of entries that say telnet. not really sure if its related or not Quote Link to comment
pwm Posted August 5, 2018 Share Posted August 5, 2018 37 minutes ago, orkid1989 said: im not sure which or how to diagnose that. i know on my router log it has alot of entries that say telnet. not really sure if its related or not Telnet is an unsafe protocol that should never be allowed to be open on any equipment. Any login using telnet will send the account name and password in clear text - so anyone that can listen in on network traffic can retrieve the credentials. But if your router has lots of log lines, the log lines must also contain time and IP numbers. And the IP numbers indicates access attempts from the inside or from the outside - and in the case of inside attacks, they most probably will match the IP of specific machines. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.