I think my NAS is infected with a cryptocurrency virus

  • After further investigation it looks like I had port 80 (not 443) open to the internet.
    I used to run a static HTML there. But OMV installs using port 80 by default and is therefore exposing itself to the internet.

    I guess the hacker used this to log into OMV and install the nanominer.


    Since the server has no personal data, I will just reinstall, to remove any traces.

    The port 80 forwarding from the internet has been removed from the firewall.

    • Official post

    After further investigation it looks like I had port 80 (not 443) open to the internet.

    Where did you get that idea? Any tutorial on the internet?

  • After further investigation it looks like I had port 80 (not 443) open to the internet.
    I used to run a static HTML there. But OMV installs using port 80 by default and is therefore exposing itself to the internet.

    I guess the hacker used this to log into OMV and install the nanominer.


    Since the server has no personal data, I will just reinstall, to remove any traces.

    The port 80 forwarding from the internet has been removed from the firewall.

    Many of us have port 80 and 443 open to the internet on our routers, but it is routed to a reverse proxy for access to docker services and to handle SSL encryption. We either change port 80 to something else in OMV or we swap to a different port in the router and then use that port in the reverse proxy. I personally prefer to change my OMV port.


    Directly opening ports to admin interfaces or ssh is a very bad idea.

  • Many of us have port 80 and 443 open to the internet on our routers, but it is routed to a reverse proxy for access to docker services and to handle SSL encryption. We either change port 80 to something else in OMV or we swap to a different port in the router and then use that port in the reverse proxy. I personally prefer to change my OMV port.


    Directly opening ports to admin interfaces or ssh is a very bad idea.

    This is exactly how I had this on my old server (reverse proxy and letsencrypt).
    However I forgot about port 80, which I don't need anymore,


    Lesson learned, somebody earned some little Monero and no damage done.
    Time to reinstall the system and do it properly this time.
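
A check for the situation discussed in this thread (a forgotten router forward that lands on the OMV web UI), added here as an example and not posted by anyone in the thread. It compares the router's forwarded ports against the host's listening sockets; the `ss` sample is constructed, and the forward list, the same-port mapping and the `ADMIN_PORTS` table are assumptions to replace with your own values.

```python
import re

# Constructed sample of `ss -H -tlnp` output from a hypothetical OMV host.
SAMPLE_SS = """\
LISTEN 0 511  0.0.0.0:80     0.0.0.0:* users:(("nginx",pid=812,fd=6))
LISTEN 0 511  [::]:80        [::]:*    users:(("nginx",pid=812,fd=7))
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 4096 127.0.0.1:3493 0.0.0.0:* users:(("upsd",pid=700,fd=4))
"""
# Assumption: router forwards, copied by hand from the router UI; each maps
# to the same port number on this host.
FORWARDED = {80, 443}
# Assumption: ports that serve an admin surface here (OMV web UI default, ssh).
ADMIN_PORTS = {80: "OMV web UI", 22: "ssh"}
LOOPBACK = {"127.0.0.1", "::1"}

def parse_listeners(ss_output):
    """Map each listening TCP port to a set of (bind address, process)."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface
        proc = re.search(r'\(\("([^"]+)"', line)
        listeners.setdefault(int(port), set()).add(
            (addr, proc.group(1) if proc else "unknown"))
    return listeners

def audit(ss_output, forwarded, admin_ports):
    """Return (port, finding, detail) for each forward that needs attention."""
    listeners = parse_listeners(ss_output)
    findings = []
    for port in sorted(forwarded):
        # Only sockets bound beyond loopback can be reached through a forward.
        reachable = sorted(p for a, p in listeners.get(port, ()) if a not in LOOPBACK)
        if not reachable:
            findings.append((port, "stale-forward", "no non-loopback listener"))
        elif port in admin_ports:
            findings.append((port, "admin-exposed",
                             f"{admin_ports[port]} served by {reachable[0]}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, FORWARDED, ADMIN_PORTS):
        print(*finding)
```

On a real host, feed it the output of `ss -H -tlnp` run as root instead of the sample, and update `ADMIN_PORTS` if the OMV web UI port has been changed.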
