dalben Posted January 9, 2020
What do people here do when they come across a wide open unraid server accessible on the internet? Ideally I'd like to let the owner know just how exposed they are but other than renaming their server to something like "This server is open to the internet", I'm not sure of any other way. In the last 24 hours I've come across about 5 such servers without specifically going looking for them. For now I've just left them alone and moved on, but I worry about them.
BRiT Posted January 9, 2020
Turn them off? Maybe use the built-in send notification functionality first? Would be a nice way to have them generate the popup or email or log it in syslog.
testdasi Posted January 9, 2020
I wonder if we can add a feature to the GUI so that a user with root access can make an obvious, loud, big alert on the GUI that lasts at least 24 hours. It would normally be utterly useless but would provide a means to alert the user in scenarios such as this.
JonathanM Posted January 10, 2020
12 hours ago, BRiT said: "Turn them off?"
Every. Single. Time. Eventually they will either figure out how to secure it, or they will post here or email Tom for help, or they will give up running unraid. We don't need the bad publicity of somebody's hacked unraid server being used for some nefarious purpose, better to just shut it down so the bad guys can't use it. One of the unintended consequences of leaving the server fully exposed is that somebody can easily steal your license. That's bad for limetech, in multiple ways.
ldrax Posted January 10, 2020
Just wondering how you discover such machines, by chance or by scanning the intranet/internet? What are the most common mistakes from the users here? Other than being oblivious to public exposure, do they forget to change the default password?
dalben Posted January 10, 2020
I stumbled across these when I was searching for what certain settings in the various config files were. These servers had no password and I could access their boot mnt. Then I was able to run the webgui as well. Everything was open.
ljm42 Posted January 10, 2020
One option - if you can get to the command line, you could type something like this:
/usr/local/emhttp/webGui/scripts/notify -e "Your Unraid server is not secured" -s "I found your Unraid on the Internet without a password" -d "You need to secure this before someone hacks you" -i "alert"
That will give them a notification on the webgui and send them an email (if they have that configured).
bastl Posted January 10, 2020
Maybe change the banner also to a red one with a hint on it.
Edit: Maybe don't change anything on the server for legal reasons.
Edited January 10, 2020 by bastl
sjaak Posted January 10, 2020
There are a lot of Unraid servers exposed to the www; Shodan shows a lot of them. They are mostly secured with a password (the default login page). I totally don't understand why people expose the GUI config to the www. Go use a VPN... If I find an unprotected server I turn it off. Is it legal? Not sure, I'm not hacking them, there is no login required, so....
S80_UK Posted January 10, 2020
In the UK, I suspect any intervention may fall under the terms of the Computer Misuse Act. (I am not a lawyer, but I would prefer not to take my chances.)
jordanmw Posted January 13, 2020
This is an issue I have run into before:
Froberg Posted January 13, 2020
Could it simply be someone who is trying to run some dockers online and fucked up their NAT settings? I don't view UNRaid as something a complete novice would get into, but I don't understand how one can screw up this badly, either.
jordanmw Posted January 13, 2020
If someone runs into an exposed unraid system, they should contact limetech and give them the license # so they can contact them and advise them on what to do next. Usually there is an email on file with them. Maybe shut it down to prevent others from pwning it.
Edited January 13, 2020 by jordanmw