dalben

When you come across a wide open UNRAID server...


What do people here do when they come across a wide open unraid server accessible on the internet? Ideally I'd like to let the owner know just how exposed they are but other than renaming their server to something like "This server is open to the internet", I'm not sure of any other way.

In the last 24 hours I've come across about 5 such servers without specifically going looking for them. For now I've just left them alone and moved on, but I worry about them.


Turn them off?

Maybe use the built-in send notification functionality first? Would be a nice way to have them generate the popup or email or log it in syslog.


I wonder if we can add a feature to the GUI so that a user with root access can make an obvious, loud, big alert on the GUI that lasts at least 24 hours.

It would normally be utterly useless but would provide a means to alert the user in scenarios such as this.

12 hours ago, BRiT said:

> Turn them off?

Every. Single. Time.

Eventually they will either figure out how to secure it, or they will post here or email Tom for help, or they will give up running unraid.

We don't need the bad publicity of somebody's hacked unraid server being used for some nefarious purpose, better to just shut it down so the bad guys can't use it.

One of the unintended consequences of leaving the server fully exposed is that somebody can easily steal your license. That's bad for limetech, in multiple ways.


Just wondering how do you discover such machines, by chance or by scanning the intranet/internet?
What are the most common mistakes here from the users here, other than being oblivious to public exposure, do they forget to change the default password?
 


I stumbled across these when I was searching for what certain settings in the various config files were.

These servers had no password and I could access their boot mnt. Then I was able to run the webgui as well. Everything was open.


One option - if you can get to the command line, you could type something like this:

/usr/local/emhttp/webGui/scripts/notify -e "Your Unraid server is not secured" -s "I found your Unraid on the Internet without a password" -d "You need to secure this before someone hacks you" -i "alert"

That will give them a notification on the webgui and send them an email (if they have that configured).


Maybe change the banner also to a red one with a hint on it.

Edit:

Maybe don't change anything on the server for legal reasons.

Edited by bastl


There are a lot of Unraid servers exposed to the www, Shodan shows a lot of them, they are mostly secured with a password (the default login page).

I totally don't understand why people expose the GUI config to the www, go use a VPN...

If I find an unprotected server I turn them off. Is it legal? Not sure, I'm not hacking them, there is no login required, so....


In the UK, I suspect any intervention may fall under the terms of the Computer Misuse Act. (I am not a lawyer, but I would prefer not to take my chances.)


Could it simply be someone who is trying to run some dockers online and fucked up their NAT settings? I don't view UNRaid as something a complete novice would get into, but I don't understand how one can screw up this bad, either.


If someone runs into an exposed unraid system, they should contact limetech and give them the license # so they can contact them and advise them on what to do next. Usually there is an email on file with them.

Maybe shut it down to prevent others from pwning it.

Edited by jordanmw
