Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

NAS Compromised

Featured Replies

I was running adguard and also have a UDM pro, when i noticed that stuff was getting blocked from my nas. I immediatly closed port 22, then saw this in the syslog:

 

Oct 29 09:42:54 NAS sshd[9909]: error: connect_to payy.co.com port 80: failed.
Oct 29 09:42:54 NAS sshd[9909]: channel_by_id: 0: bad id: channel free
Oct 29 09:42:54 NAS sshd[9909]: Disconnecting user adm 89.39.104.123 port 4746: oclose packet referred to nonexistent channel 0
Oct 29 09:42:54 NAS sshd[9909]: Connection reset by user adm 89.39.104.123 port 4746
Oct 29 09:44:19 NAS sshd[24421]: error: connect_to t.paypal.com: unknown host (Name or service not known)
Oct 29 09:44:19 NAS sshd[24421]: error: connect_to b.stats.paypal.com: unknown host (Name or service not known)
Oct 29 09:44:20 NAS sshd[24421]: error: connect_to t.paypal.com: unknown host (Name or service not known)
Oct 29 09:44:32 NAS sshd[24421]: error: connect_to t.paypal.com: unknown host (Name or service not known)
Oct 29 09:44:51 NAS sshd[24421]: error: connect_to t.paypal.com: unknown host (Name or service not known)
Oct 29 09:46:23 NAS webGUI: Successful login user root from 192.168.2.1

Uh.. should i be worried? And how to further check my nas for compromises?

-edit-

 

Saw some more things and i thought, i should be running under user adm then right?

root       776  7449  0 09:18 ?        00:00:00 sshd: adm [priv]
adm        778   776  0 09:18 ?        00:00:00 sshd: adm
root      7645  7449  0 08:32 ?        00:00:00 sshd: adm [priv]
adm       7647  7645  0 08:32 ?        00:00:15 sshd: adm
root     10553  7449  0 09:40 ?        00:00:00 sshd: adm [priv]
adm      10555 10553  0 09:40 ?        00:00:00 sshd: adm
root     19024  8802  0 10:00 pts/0    00:00:00 grep adm
root     23428  7449  0 Oct25 ?        00:00:00 sshd: adm [priv]
adm      23430 23428  0 Oct25 ?        00:00:00 sshd: adm
root     26296  7449  0 09:10 ?        00:00:00 sshd: adm [priv]
adm      26310 26296  0 09:10 ?        00:00:00 sshd: adm
root     30985  7449  0 Oct28 ?        00:00:00 sshd: adm [priv]
adm      30988 30985  0 Oct28 ?        00:00:01 sshd: adm
root     31687  7449  0 Oct26 ?        00:00:00 sshd: adm [priv]
adm      31689 31687  0 Oct26 ?        00:00:07 sshd: adm

I'm rebooting it right now just to be safe.

Edited by Tuumke

  • Community Expert

Your Unraid box was exposed to the internet?

  • Author
Just now, Michael_P said:

Your Unraid box was exposed to the internet?

Indirectly.

 

Had port 22 forwarded (as wel as 80 en 443)

  • Community Expert

That's pretty directly lol - leaving 22 80 and 443 is terribad - that's like saying you locked up your house but went ahead and left the front door, garage door, and back door wide open.

 

Wipe clean and start fresh, once it's compromised it can't be trusted

  • Author
On 10/29/2020 at 10:27 AM, Michael_P said:

That's pretty directly lol - leaving 22 80 and 443 is terribad - that's like saying you locked up your house but went ahead and left the front door, garage door, and back door wide open.

 

Wipe clean and start fresh, once it's compromised it can't be trusted

Lol, so many data on it.. i can't just wipeclean...

  • Community Expert

Start with the OS and go from there

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.