jordanmw

Unsecured Unraid server available with no password


I stumbled on an Unraid server that is fully exposed and running with no security on the internet. It looks like someone in the US in Bloomfield, Indiana. What can I do to alert the user of the issue? It has been up for 47 days and running 6.5.3. Running pro version- so maybe I can give LT the reg key, and they can contact the user? Looks like it is running serviio and not much else- bunch of movies on drives.


You could delete the USB content and replace it with a file with your phone number 🤠

Edited by saarg


I'm definitely more on the white side of grey- probably won't do anything quite that malicious- just trying to save someone some headache.  I have found several others but this was the most exposed. 


Make a backup first then. Problem solved.


Every time you see the machine is online and unsecured, shut it down. Least harm possible for best benefit. It can't be hacked by anyone else if it's off.

 


I grabbed the guid for the flash drive- and I'll turn it off and let LT know.


How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

1 minute ago, primeval_god said:

How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

Just now, jonathanm said:

Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

True, I guess you could embed an explanation in the container description, and a phone number in the name.

5 minutes ago, primeval_god said:

How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Honestly- I won't make changes out of principle. I will try to identify the user and inform them only. It appears from the movie collection that it is an older person- possibly a war vet based on the military movies from bygone eras. I don't want some poor vet somewhere thinking that his system has been altered. Jonathan is right- off is the least damaging action and will keep his data safe until he can be informed. If it comes back on- and I fail to contact them- I may do other things to inform them when they reboot.


Wait a sec, it's possible to set Unraid up with no root password? I always thought the root password is required.


I sent info to LT- they will contact them. I powered it down for now.

Edited by jordanmw
3 hours ago, jordanmw said:

I sent info to LT- they will contact them. I powered it down for now.

Nice to see a good guy!  Just curious, how did you come upon it?


There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

7 minutes ago, jordanmw said:

There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

Clever.....

4 hours ago, jordanmw said:

There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

Just FYI - A few versions back Unraid added a robots.txt file, which should keep legitimate search engines from indexing a server that is placed on the Internet. 

Edited by ljm42


Hi guys,

 

A big big thumbs up for jordanmw for posting and trying to inform the owner. But also to the community here where everybody can get a solution for different problems.


I know that LT tried to reach out to them but it is back online this morning.  I shut it down again but if it comes back up, I may change their banner to something with a message for them.  Good to know that they added the robots.txt so indexing won't continue.  Maybe mail from LT is going to spam or something.


Change the auto start so the array doesn't come up automatically.


We need to identify this person and publicly shame them LOL JK. Good job @jordanmw

If the server keeps coming back online unsecured, that banner idea is a good idea.

Edited by Fiservedpi


Change the default boot option to be MEMTEST. 👿


I would be really careful what you're doing. Sure, we all know you will not deal any harm to that person and this is all in his/her interest, but changing files on that person's PC in a lot of countries without his permission is against the law. Just sayin.

On 6/6/2019 at 6:51 PM, jordanmw said:

password not required

I think that my Towers are unsecure, as I don't have to use a password.

How can I make them secure?
