Process Jonason using a ton of CPU - BitCoinMiner detected


Addy

[image]

 

Hey guys, does anyone know what this process belongs to? It had been smashing my server for a day.. I killed the process but it came back.. Any ideas?

 

Location of file: [image]

 

running 6.6.7

 

Addy

 

I think I found out why it's using so much..

[image]

 

How the fuck does a miner get on my unraid..

2 minutes ago, jonathanm said:

Do you have any incoming ports open to the internet?

I have some ports open for Plex. I did DMZ it (I know) for like 5 minutes the other day to fix something real quick though - could this have been how it got in?

 

When I delete the file, it comes back. Any idea how I can stop that from happening?

12 minutes ago, jonathanm said:

Does it survive a reboot?

Looks like a reboot killed it, it's been back up for about 5 minutes now. I'll keep an eye on it.. Thanks for your help.

 

I think I should have put a password on root. I honestly didn't expect to love unraid so much and didn't plan this very well


On the plus side, it would almost take an unraid specific attack to survive a normal reboot, on the negative side, unraid is NOT secured, even with a password. You must not expose it to untrusted networks.

 

This situation is rapidly improving, I'm hoping within a year it will no longer be a necessary warning.

 

DMZ with no root password, I expect it probably took about 3 seconds to be penetrated. No, I'm not exaggerating.

1 minute ago, jonathanm said:

On the plus side, it would almost take an unraid specific attack to survive a normal reboot, on the negative side, unraid is NOT secured, even with a password. You must not expose it to untrusted networks.

 

This situation is rapidly improving, I'm hoping within a year it will no longer be a necessary warning.

 

DMZ with no root password, I expect it probably took about 3 seconds to be penetrated. No, I'm not exaggerating.

Thanks mate

27 minutes ago, Addy said:

I have some ports open for Plex.

Just to clarify my statement, opening ports is as risky as the answering service. Plex is popular, and if it got exploited, we would hear about it, so very low risk exposing ports for Plex. Each port that is forwarded should be evaluated as to what software is answering on that port. Unraid's GUI should not be exposed.
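
One way to do the per-port check described in the post above, as an added example that is not part of the thread: it reads `ss -H -tlnp` output and lists every TCP listener that is not loopback-only, with the program answering on it, so each forwarded port can be matched to its software. The function names and the sample lines are constructed for illustration, and it assumes the column layout `ss` prints when only `-t` is selected.

```shell
#!/bin/sh
# Added example: list TCP listeners that other hosts can reach, with the owning program.
# Input: `ss -H -tlnp` output on stdin. Output: port<TAB>bind address<TAB>program.
exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                      # local address:port column
        n = length(la)               # split at the LAST colon (IPv6 has colons)
        while (n > 0 && substr(la, n, 1) != ":") n--
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        # Loopback-only listeners are not reachable through a port forward.
        if (addr ~ /^127\./ || addr == "[::1]") next
        prog = "unknown"             # ss omits the owner unless run as root
        if (match($0, /users:\(\("[^"]*"/))
            prog = substr($0, RSTART + 9, RLENGTH - 10)
        print port "\t" addr "\t" prog
    }' | sort -n | uniq
}

# Constructed sample of `ss -H -tlnp` output (not taken from the thread).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=2001,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=900,fd=7))
LISTEN 0 10 *:32400 *:* users:(("Plex Media Serv",pid=3100,fd=55))
LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=900,fd=8))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1234,fd=4))
LISTEN 0 5 0.0.0.0:5000 0.0.0.0:*
EOF
}

# Demo on the constructed sample. On a live server, run as root instead:
#   ss -H -tlnp | exposed_listeners
sample_ss_output | exposed_listeners
```

Any port that is forwarded on the router but shows a program you did not intend to publish, or `unknown`, is the one to look at first.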
