Unsecured Unraid server available with no password


jordanmw

Recommended Posts

I stumbled on an unraid server that is fully exposed and running with no security on the internet.  It looks like someone in the US in bloomfield Indiana.  What can I do to alert the user of the issue? It has been up for 47 days and running 6.5.3.  Running pro version- so maybe I can give LT the reg key, and they can contact the user?  Looks like it is running serviio and not much else- bunch of movies on drives. 

  • Like 1
Link to comment
1 minute ago, primeval_god said:

How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

  • Like 1
Link to comment
Just now, jonathanm said:

Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

True, I guess you could embed an explanation in the container description, and a phone number in the name.

Link to comment
5 minutes ago, primeval_god said:

How about adding a benign docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Honestly- I won't make changes out of principle.  I will try to identify the user and inform them only.  It appears from the movie collection, that it is an older person- possibly a war vet based on the military movies from by gone eras. I don't want some poor vet somewhere thinking that his system has been altered.  Jonathan is right- off is the least damaging action and will keep his data safe until he can be informed.  If it comes back on- and I fail to contact them- I may do other things to inform them when they reboot. 

Link to comment

There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

  • Upvote 1
Link to comment
7 minutes ago, jordanmw said:

There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

Clever.....

Link to comment
4 hours ago, jordanmw said:

There are strings in the logs that are unique to unraid, and if the server is fully open to the internet- they get indexed in google searches.  From there- used a little google-fu to find others.  There are a few, but most are not completely open like his was.  Obviously anyone who leaves the default server name had Tower/Main in the title.

Just FYI - A few versions back Unraid added a robots.txt file, which should keep legitimate search engines from indexing a server that is placed on the Internet. 

Edited by ljm42
Link to comment

I know that LT tried to reach out to them but it is back online this morning.  I shut it down again but if it comes back up, I may change their banner to something with a message for them.  Good to know that they added the robots.txt so indexing won't continue.  Maybe mail from LT is going to spam or something.

Link to comment

I would be really careful what you're doin. Sure, we all know you will not deal any harm to that person and this is all in his/her interest, but changing files on that persons pc in lot of countries without his permission is against the law. Just sayin.

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.