Jump to content
jordanmw

Unsecured Unraid server available with no password

35 posts in this topic Last Reply

Recommended Posts

57 minutes ago, HK-Steve said:

I think that my Towers are unsecure, as I don't have to use a password.

How can I make them secure?

Go to the Users tab and set a password for the ‘root’ user.

Share this post


Link to post
6 hours ago, HK-Steve said:

I think that my Towers are unsecure, as I don't have to use a password.

How can I make them secure?

The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable.

Share this post


Link to post
38 minutes ago, jonathanm said:

The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable.

Thanks, No I do not access outside my home network, I learned something today. Much appreciated.

Share this post


Link to post

Well the good news is that the server is no longer accessible from the internet- not sure if that means that they finally fixed it, or if it is still just turned off.  I'll check on it for a while to make sure it doesn't come back up. 

Share this post


Link to post
25 minutes ago, jordanmw said:

Well the good news is that the server is no longer accessible from the internet- not sure if that means that they finally fixed it, or if it is still just turned off.  I'll check on it for a while to make sure it doesn't come back up. 

Or, their ISP issued them a new DHCP address.

Share this post


Link to post
4 hours ago, jonathanm said:

Or, their ISP issued them a new DHCP address.

If they did, I still would have found it on the next google crawl.  I wasn't looking for the address directly when I found it- stumbled across it when searching a log message.  I hope that means that he put it behind a nat gateway.  At any rate- I'll keep checking on it.

Share this post


Link to post

Well LT just contacted me to let me know that the user did finally get their message and has taken steps to remedy the issue.  Needless to say, they were glad that it was a community member that found it and shut it down to prevent harm.  Glad they handled it before some black hat decided to re-purpose it. :) 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.