Deadbolt Ransomware attacks on ASUSTOR devices (possibly Plex related)

    • Official post

    Not really OMV related but this is probably good info for folks, and nobody reads Off-Topic. Looks like Asustor's got hit with a ransomware attack called 'Deadbolt'... Several posters on reddit and Asustor are saying Plex was possibly the attack vector... which I know a ton of folks here use. Not sure if this could affect non-Asustor devices, but just something to be aware of, especially if you have Plex open to the world.


    https://www.reddit.com/r/asust…omware_attack_megathread/


    Also, I know building your own is more work, requires some reading, etc.. but how anyone could buy one of these off the shelf units after all the ransomware attacks on Synology, and now this.. is beyond me.

    • Official post

    Might be possible to put OMV on it - https://github.com/mafredri/asustor_as-6xxt Someone send me one of these dangerous units and I will give it a shot : )

    omv 7.1.0-2 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.2 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.5 | scripts 7.0.7


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official post

    Might be possible to put OMV on it - https://github.com/mafredri/asustor_as-6xxt Someone send me one of these dangerous units and I will give it a shot : )

    On that big ransomware thread.. (or maybe another I read.. there's several I've read).. There's a user talking about installing Debian on one. Obviously that should make an OMV install pretty easy, but I'm not familiar with them..

    • Official post

    Another thing I'm noticing that seems to be a common theme... virtually all of them have auto updates off. Now I don't know if an update would have prevented this (doesn't seem that way) but that seems kinda silly. I know OMV doesn't have auto update by default.. but folks who aren't updating their system at least once a week should take note (i.e., all of you using OMV 2.x-4.x)

  • KM0201

    Changed the title of the thread from "Deadbolt Ransomware attacks on AUSTOR devices (possibly Plex related)" to "Deadbolt Ransomware attacks on ASUSTOR devices (possibly Plex related)".
  • Qnap pushed an update for Deadbolt and that makes me think plex is unrelated, just popular and one of 2 connections to the outside world. The other one being a remote access site. And that's the one that sounds more likely.


    In any case I am going to make Plex folders read only as a precaution.


    So I am trying to understand how to set this up, and really "Plex" could be any application.


    Should the user plex runs under be in the docker group? Or is there no need for that, as portainer sets up the docker container, and the plex user just needs media and appdata access.


    Edit: I bring this up because I see tutorials that will get you set up fast, but users are given way more permissions than what I think they need. Such as ssh, docker, configs, etc when all that user does (when attached to an application) is only what's necessary for that application.

    Edited once, last by westyvw () for the following reason: Added edit line, noted in comment.

    • Official post

    That part I put in bold is so freaking true. Look at how many users here, rather than properly setting permissions, just allow everyone/guests to read/write on everything (again a couple popular youtubers push this one.. because it doesn't require them to explain anything). It is a huge ass pet peeve of mine. I know permissions are kind of a PITA, especially if you're coming from a Windows world, but once you get the hang of it... it's really not that difficult and in my opinion is pretty important.


    Regarding Plex... I agree it was unlikely the attack vector. When I posted this ASUSTOR was still actively trying to figure out what happened and looking for any commonality between the affected devices, and Plex (pretty logically) was on almost all of them. It seems now from following along it likely had to do w/ users using default ports and some "EZ Connect" button that their OS has. Having these shares read only, to me... is pretty sound policy (I have my Emby shares read only)


    I put my user in the docker group only because it allows me to do simple things (start/stop/restart containers, docker-compose/docker-run), w/o dropping to root. To actually restart the service however, you still have to be root. I'm not sure if it's absolutely required that user be in the docker group or not (I don't think it is).

    • Official post

    By the way, here's an interesting read on why you should keep those data folders read only. This guy fell victim to an obscure bug that hadn't been found (well it had been found but they couldn't isolate the problem), and when he removed a single movie, it deleted his entire library... 15tb worth.. The emby forum thread is archived unfortunately, but it was an interesting read. I've kept emby read only from then on. Also my Kodi boxes, I create a user they log in with to those shares, and that user is read only on those shares.


    https://www.reddit.com/r/emby/…deletes_entire_libraries/

  • As Jeff Geerling pointed out in this recent blog post

    " Services that expose any home device (not just NASes) publicly over the Internet are ripe targets for hacking, because one vulnerability can lead to thousands of devices hacked.

    Instead, I only expose devices to my internal network. If I absolutely need remote access, I will set up a connection through a secure VPN that I manage within my home. (And even that—running your own home VPN—is a risk I think most people shouldn't take.)"


    Only mitigation against this risk: "have offsite & offline storage".

    omv 6.9.6-2 (Shaitan) on RPi CM4/4GB with 64bit Kernel 6.1.21-v8+

    2x 6TB 3.5'' HDDs (CMR) formatted with ext4 via 2port PCIe SATA card with ASM1061R chipset providing hardware supported RAID1


    omv 6.9.3-1 (Shaitan) on RPi4/4GB with 32bit Kernel 5.10.63 and WittyPi 3 V2 RTC HAT

    2x 3TB 3.5'' HDDs (CMR) formatted with ext4 in Icy Box IB-RD3662-C31 / hardware supported RAID1

    For Read/Write performance of SMB shares hosted on this hardware see forum here

    • Official post

    As Jeff Geerling pointed out in this recent blog post

    " Services that expose any home device (not just NASes) publicly over the Internet are ripe targets for hacking, because one vulnerability can lead to thousands of devices hacked.

    Instead, I only expose devices to my internal network. If I absolutely need remote access, I will set up a connection through a secure VPN that I manage within my home. (And even that—running your own home VPN—is a risk I think most people shouldn't take.)"


    Only mitigation against this risk: "have offsite & offline storage".

    While this is true.. containerizing your services and properly setting up your volumes, can substantially mitigate this.
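    An added example (not from the thread, and not OMV's, Plex's or Portainer's own tooling) of the "properly setting up your volumes" and least-privilege points made above: a POSIX shell audit that reads a docker-compose.yml and flags media volumes mounted read-write, a container with no `user:` (so it runs as root), `privileged: true`, and a mounted Docker socket. The service name, host paths and both sample compose files are constructed for illustration.

```shell
#!/bin/sh
# Audit a docker-compose.yml for the permission mistakes discussed in the thread.
# Expects short-syntax, unquoted volume lines ("- /host:/container[:opts]").
# Findings go to stderr; the number of findings is printed on stdout.
audit_compose() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            *"- /var/run/docker.sock:"*)
                echo "docker socket mounted: $line" >&2; findings=$((findings+1)) ;;
            *"- "[./]*:/*)
                case "$line" in
                    *config*|*appdata*|*transcode*) ;;   # these need write access
                    *:ro|*:ro,*) ;;                       # media already read-only
                    *) echo "media volume not read-only: $line" >&2
                       findings=$((findings+1)) ;;
                esac ;;
            *"privileged: true"*)
                echo "privileged container: $line" >&2; findings=$((findings+1)) ;;
        esac
    done < "$1"
    # Without a user: key the service process runs as root inside the container.
    if ! grep -Eq '^[[:space:]]*user:' "$1"; then
        echo "no 'user:' set, container runs as root" >&2; findings=$((findings+1))
    fi
    echo "$findings"
}

# Constructed sample: the "fast tutorial" style setup. Writes a temp file, prints its path.
weak_compose() {
    f=$(mktemp); cat > "$f" <<'EOF'
services:
  plex:
    image: plexinc/pms-docker
    privileged: true
    volumes:
      - /srv/media:/data
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config:/config
EOF
    echo "$f"
}

# Constructed sample: same service with an unprivileged uid/gid and media mounted :ro.
hardened_compose() {
    f=$(mktemp); cat > "$f" <<'EOF'
services:
  plex:
    image: plexinc/pms-docker
    user: "1001:1001"
    volumes:
      - /srv/media:/data:ro
      - ./config:/config
      - /tmp/plex-transcode:/transcode
EOF
    echo "$f"
}
```

    Run `audit_compose docker-compose.yml` against your own file; a non-zero count lists what to tighten before exposing the service anywhere.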

  • containerizing your services and properly setting up your volumes, can substantially mitigate this

    so are the statements on https://techbeacon.com/securit…ntainer-catastrophe-3-2-1 just plainly wrong?


    Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034) existed for at least 7 years in most Linux distributions before it was published & fixed!


    "The day we all feared would come has come. Docker and Kubernetes containers are revealed to be badly vulnerable—along with LXC, Mesos, and several other container flavors.


    An easily exploited flaw means a container can escape its paper-thin walls and execute on the host system—as root. Time to audit your trust boundaries."


  • better but still many best practices will need to be considered correctly
    https://beaglesecurity.com/blo…r-container-security.html


    • Official post

    Instead, I only expose devices to my internal network. If I absolutely need remote access, I will set up a connection through a secure VPN that I manage within my home. (And even that—running your own home VPN—is a risk I think most people shouldn't take.)"

    :thumbup:
