Addy Posted October 17, 2019 Share Posted October 17, 2019 (edited) Hey guys, does anyone know what this process belongs to? It had been smashing my server for a day.. I killed the process but it came back.. any idea's? Location of file: running 6.6.7 Addy I think I found out why its using so much.. How the fuck does a miner get on my unraid.. Edited October 17, 2019 by Addy Quote Link to comment
JonathanM Posted October 17, 2019 Share Posted October 17, 2019 Do you have any incoming ports open to the internet? 1 Quote Link to comment
Addy Posted October 17, 2019 Author Share Posted October 17, 2019 2 minutes ago, jonathanm said: Do you have any incoming ports open to the internet? I have some ports open for Plex. I did DMZ it (i know) for like 5 minutes the other day to fix something real quick though - could this have been how it got in. When I delete the file, it comes back any idea how I can stop that from happening? Quote Link to comment
JonathanM Posted October 17, 2019 Share Posted October 17, 2019 Does it survive a reboot? 1 Quote Link to comment
Addy Posted October 17, 2019 Author Share Posted October 17, 2019 12 minutes ago, jonathanm said: Does it survive a reboot? Looks like a reboot killed it, its been back up for about 5 minutes now. I'll keep an eye on it.. Thanks for your help. I think I should have put a password on root. I honestly didn't expect to love unraid so much and didn't plan this very well Quote Link to comment
JonathanM Posted October 17, 2019 Share Posted October 17, 2019 On the plus side, it would almost take an unraid specific attack to survive a normal reboot, on the negative side, unraid is NOT secured, even with a password. You must not expose it to untrusted networks. This situation is rapidly improving, I'm hoping within a year it will no longer be a necessary warning. DMZ with no root password, I expect it probably took about 3 seconds to be penetrated. No, I'm not exaggerating. Quote Link to comment
Addy Posted October 17, 2019 Author Share Posted October 17, 2019 1 minute ago, jonathanm said: On the plus side, it would almost take an unraid specific attack to survive a normal reboot, on the negative side, unraid is NOT secured, even with a password. You must not expose it to untrusted networks. This situation is rapidly improving, I'm hoping within a year it will no longer be a necessary warning. DMZ with no root password, I expect it probably took about 3 seconds to be penetrated. No, I'm not exaggerating. Thanks mate Quote Link to comment
JonathanM Posted October 17, 2019 Share Posted October 17, 2019 27 minutes ago, Addy said: I have some ports open for Plex. Just to clarify my statement, opening ports is as risky as the answering service. Plex is popular, and if it got exploited, we would hear about it, so very low risk exposing ports for plex. Each port that is forwarded should be evaluated as to what software is answering on that port. Unraid's GUI should not be exposed. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.