Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Server security help - any extra steps to take?

Featured Replies

Hi all, 

Building an UnRAID server mainly for Plex was my first foray into networking. I just want to be sure I’m not leaving any easy access paths for my server to be ransomwared or infected. 

 

My server is connected to the internet in two ways: through Plex and OpenVPN. I use the OpenVPN docker and connect to it remotely with a few mobile devices using an OVPN configuration file.

 

For my home network, I make my important shares read only or private so they cannot be changed from another PC within my network.

 

Are there any other security steps I should be taking? Thanks.

  • Community Expert

Here are three threads from the past that you can read:

 

         https://forums.unraid.net/topic/58162-ransomware-got-into-my-unraid-server/

 

 

        https://forums.unraid.net/topic/57609-new-user-need-a-secure-strategy-for-write-access-avoiding-ransomware-exposure/#comment-565045

 

 

        https://forums.unraid.net/topic/58374-secure-writing-strategy-for-unraid-server-using-write-once-read-many-mode/#comment-572532

 

 

To my knowledge, I have not heard of anyone getting malware via the Plex Docker for unRAID.  Your VPN should be safe as long as your can keep the clients on the other end free from Malware and/or malfeasance on the part of the user.  unRAID is not exactly a likely candidate for a attack by the Black Hats as the user base isn't that large.  (However, if you do something stupid like put your server into a DMZ, you will have made it a very easy target for anyone with a 'kiddie script'!)  Your greatest risk will be from one of your clients becoming inflected with Malware and that client doing damage via SMB shares that it has access to.  As I understand it, most of the Ransomware attackers are more interested in shared files than local files as the victims are more likely to pay to recover those.   

  • Author

Thank you for your advice! Forgive my ignorance, what is a DMZ and how do I avoid accidentally putting my server in one?

Demilitarised Zone - a kind of no man's land between your router and your firewall. It's typically an IP address on your LAN to which incoming requests from the Internet to selected TCP ports are forwarded. If you haven't explicitly set one up you're very unlikely to have one. If you have set one up then you'll know which IP address to avoid.

  • Author

@John_MOk I definitely haven’t done anything like that on my home network. 

 

After reading the stuff that @Frank1940 posted, it seems the biggest risk is leaving shares with write access for an infected windows (or Mac) client to target.

 

So my plan is to leave all but one share in read only/secure or private mode. That one share will be set as public, only to be used as a temporary storage before I move them into a secure share. I will edit/change most files from within UnRAID using Krusader.

 

  • Community Expert
3 hours ago, CaliHeatx said:

So my plan is to leave all but one share in read only/secure or private mode. That one share will be set as public, only to be used as a temporary storage before I move them into a secure share. I will edit/change most files from within UnRAID using Krusader.

 

For a plan which is more automatic than this one, read the first post in the third thread that I posted a link to above.  It uses a bit of 'trickery' and the cache drive to allow to to add files to a protected User Share without having actual write access to the User Share.  In fact, all of my Shares are 'Secure' and none of them even have a user assigned with permission to write to them.  Basically, you write files to the cache drive and unRAID's Mover puts them into the array.  Any file management beyond adding files to a User Share, I do with Krusader.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.