Unsecured Unraid server available with no password


jordanmw

Recommended Posts

6 hours ago, HK-Steve said:

I think that my Towers are unsecure, as I don't have to use a password.

How can I make them secure?

The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable.

Link to comment
38 minutes ago, jonathanm said:

The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable.

Thanks, No I do not access outside my home network, I learned something today. Much appreciated.

Link to comment
25 minutes ago, jordanmw said:

Well the good news is that the server is no longer accessible from the internet- not sure if that means that they finally fixed it, or if it is still just turned off.  I'll check on it for a while to make sure it doesn't come back up. 

Or, their ISP issued them a new DHCP address.

Link to comment
4 hours ago, jonathanm said:

Or, their ISP issued them a new DHCP address.

If they did, I still would have found it on the next google crawl.  I wasn't looking for the address directly when I found it- stumbled across it when searching a log message.  I hope that means that he put it behind a nat gateway.  At any rate- I'll keep checking on it.

Link to comment

Well LT just contacted me to let me know that the user did finally get their message and has taken steps to remedy the issue.  Needless to say, they were glad that it was a community member that found it and shut it down to prevent harm.  Glad they handled it before some black hat decided to re-purpose it. :) 

  • Like 4
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.