jordanmw - Posted June 6, 2019

I stumbled on an Unraid server that is fully exposed and running with no security on the internet. It looks like someone in the US in Bloomfield, Indiana. What can I do to alert the user of the issue? It has been up for 47 days and running 6.5.3. Running pro version- so maybe I can give LT the reg key, and they can contact the user? Looks like it is running Serviio and not much else- bunch of movies on drives.

saarg - Posted June 6, 2019 (edited)

You could delete the USB content and replace it with a file with your phone number 🤠

jordanmw - Posted June 6, 2019

I'm definitely more on the white side of grey- probably won't do anything quite that malicious- just trying to save someone some headache. I have found several others but this was the most exposed.

saarg - Posted June 6, 2019

Make a backup first then. Problem solved.

JonathanM - Posted June 6, 2019

Every time you see the machine is online and unsecured, shut it down. Least harm possible for best benefit. It can't be hacked by anyone else if it's off.

jordanmw - Posted June 6, 2019

I grabbed the GUID for the flash drive- and I'll turn it off and let LT know.

primeval_god - Posted June 6, 2019

How about adding a benign Docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

primeval_god - Posted June 6, 2019

And / or if they have notifications set up, find a way to trigger a notification.

JonathanM - Posted June 6, 2019

1 minute ago, primeval_god said:
> How about adding a benign Docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

primeval_god - Posted June 6, 2019

Just now, jonathanm said:
> Only a fraction of Unraid users read this forum, and only a fraction of those post. There is no guarantee that someone clueless enough to leave the server open is clueful enough to come here for help.

True, I guess you could embed an explanation in the container description, and a phone number in the name.

jordanmw - Posted June 6, 2019

5 minutes ago, primeval_god said:
> How about adding a benign Docker container and give it a scary sounding name. Like "Hacked" or PWNED or "Virus Bot". Then wait for the inevitable panicked forum post.

Honestly- I won't make changes out of principle. I will try to identify the user and inform them only. It appears from the movie collection, that it is an older person- possibly a war vet based on the military movies from bygone eras. I don't want some poor vet somewhere thinking that his system has been altered. Jonathan is right- off is the least damaging action and will keep his data safe until he can be informed. If it comes back on- and I fail to contact them- I may do other things to inform them when they reboot.

testdasi - Posted June 6, 2019

Wait a sec, it's possible to set Unraid up with no root password? I always thought the root password is required.

jordanmw - Posted June 6, 2019

Password not required.

jordanmw - Posted June 6, 2019 (edited)

I sent info to LT- they will contact them. I powered it down for now.

CHBMB - Posted June 6, 2019

3 hours ago, jordanmw said:
> I sent info to LT- they will contact them. I powered it down for now.

Nice to see a good guy! Just curious, how did you come upon it?

jordanmw - Posted June 6, 2019

There are strings in the logs that are unique to Unraid, and if the server is fully open to the internet- they get indexed in Google searches. From there- used a little Google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title.

CHBMB - Posted June 6, 2019

7 minutes ago, jordanmw said:
> There are strings in the logs that are unique to Unraid, and if the server is fully open to the internet- they get indexed in Google searches. From there- used a little Google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title.

Clever.....

ljm42 - Posted June 7, 2019 (edited)

4 hours ago, jordanmw said:
> There are strings in the logs that are unique to Unraid, and if the server is fully open to the internet- they get indexed in Google searches. From there- used a little Google-fu to find others. There are a few, but most are not completely open like his was. Obviously anyone who leaves the default server name had Tower/Main in the title.

Just FYI - A few versions back Unraid added a robots.txt file, which should keep legitimate search engines from indexing a server that is placed on the Internet.

hitman2158 - Posted June 7, 2019

Hi guys, a big, big thumbs up for jordanmw for posting and trying to inform the owner. But also to the community here where everybody can get a solution for different problems.

jordanmw - Posted June 7, 2019

I know that LT tried to reach out to them but it is back online this morning. I shut it down again but if it comes back up, I may change their banner to something with a message for them. Good to know that they added the robots.txt so indexing won't continue. Maybe mail from LT is going to spam or something.

JonathanM - Posted June 7, 2019

Change the auto start so the array doesn't come up automatically.

Fiservedpi - Posted June 7, 2019 (edited)

We need to identify this person and publicly shame them LOL JK. Good job @jordanmw. If the server keeps coming back online unsecured, that banner idea is a good idea.

BRiT - Posted June 7, 2019

Change the default boot option to be MEMTEST. 👿

bastl - Posted June 8, 2019

I would be really careful what you're doin. Sure, we all know you will not deal any harm to that person and this is all in his/her interest, but changing files on that person's PC in a lot of countries without his permission is against the law. Just sayin.

HK-Steve - Posted June 9, 2019

On 6/6/2019 at 6:51 PM, jordanmw said:
> Password not required.

I think that my Towers are unsecure, as I don't have to use a password. How can I make them secure?