June 6, 20197 yr I stumbled on an unraid server that is fully exposed and running with no security on the internet. It looks like someone in the US in bloomfield Indiana. What can I do to alert the user of the issue? It has been up for 47 days and running 6.5.3. Running pro version- so maybe I can give LT the reg key, and they can contact the user? Looks like it is running serviio and not much else- bunch of movies on drives.
June 6, 20197 yr You could delete the USB content and replace it with a file with your phone number 🤠 Edited June 6, 20197 yr by saarg
June 6, 20197 yr Author I'm definitely more on the white side of grey- probably won't do anything quite that malicious- just trying to save someone some headache. I have found several others but this was the most exposed.
June 6, 20197 yr Every time you see the machine is online and unsecured, shut it down. Least harm possible for best benefit. It can't be hacked by anyone else if it's off.
June 6, 20197 yr Author I grabbed the guid for the flash drive- and I'll turn it off and let LT know.
June 6, 20197 yr How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.
June 6, 20197 yr 1 minute ago, primeval_god said: How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post. Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.
June 6, 20197 yr Just now, jonathanm said: Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help. True, I guess you could embed an explanation in the container description, and a phone number in the name.
June 6, 20197 yr Author 5 minutes ago, primeval_god said: How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post. Honestly- I won't make changes out of principle. I will try to identify the user and inform them only. It appears from the movie collection, that it is an older person- possibly a war vet based on the military movies from by gone eras. I don't want some poor vet somewhere thinking that his system has been altered. Jonathan is right- off is the least damaging action and will keep his data safe until he can be informed. If it comes back on- and I fail to contact them- I may do other things to inform them when they reboot.
June 6, 20197 yr Wait a sec, it's possible to set Unraid up with no root password? I always thought the root password is required.
June 6, 20197 yr Author I sent info to LT- they will contact them. I powered it down for now. Edited June 6, 20197 yr by jordanmw
June 6, 20197 yr 3 hours ago, jordanmw said: I sent info to LT- they will contact them. I powered it down for now. Nice to see a good guy! Just curious, how did you come upon it?
June 6, 20197 yr Author There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches. From there- used a little google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title.
June 6, 20197 yr 7 minutes ago, jordanmw said: There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches. From there- used a little google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title. Clever.....
June 7, 20197 yr 4 hours ago, jordanmw said: There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches. From there- used a little google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title. Just FYI - A few versions back Unraid added a robots.txt file, which should keep legitimate search engines from indexing a server that is placed on the Internet. Edited June 7, 20197 yr by ljm42
June 7, 20197 yr Hi guys, a big big thumb up for jordanmw for posting and trying to inform the owner. But also to the community here where everybody can get a solution for different problems.
June 7, 20197 yr Author I know that LT tried to reach out to them but it is back online this morning. I shut it down again but if it comes back up, I may change their banner to something with a message for them. Good to know that they added the robots.txt so indexing won't continue. Maybe mail from LT is going to spam or something.
June 7, 20197 yr we need to identify this person and publicly shame them LOL JK good job @jordanmw if the server keeps coming back online unsecured that banner Idea is a good idea Edited June 7, 20197 yr by Fiservedpi
June 8, 20197 yr I would be really careful what you're doin. Sure, we all know you will not deal any harm to that person and this is all in his/her interest, but changing files on that persons pc in lot of countries without his permission is against the law. Just sayin.
June 9, 20197 yr On 6/6/2019 at 6:51 PM, jordanmw said: password not required I think that my Towers are unsecure, as I don't have to use a password. How can I make them secure?
Archived
This topic is now archived and is closed to further replies.