I think my nas is infected with a cryptocurrency virus

    • Official post

    I have given you all the information I have to the best of my knowledge.

    I have to improve? Of course yes but if I had been better I probably wouldn't have needed help.

    I also have a life (that doesn't revolve around my home server) that keeps me very busy so I don't understand why you respond to me this way. If you don't want or don't know how to help me then I still thank you and say goodbye

    I think there's a language barrier that has caused a lot of misunderstanding. English is clearly not your first language, and most of the folks trying to help you in this thread, it is their native language or they are very comfortable with it as a 2nd.


    Your original question was a bit disjointed and it appeared you suggested the problem was docker related. So you were asked which container you thought caused it, and you simply posted a list of the containers you use, which didn't answer the question. Then folks were responding to help you, and you were off looking at old threads on how to deal with high CPU usage. High CPU usage was not your issue, it was a symptom of the problem which was a crypto miner. In order to fix the crypto miner (and have some peace of mind), you're going to have to do a complete reinstall.


    We seem to have discovered where the intrusion very likely came from (port 80) and you've received advice on how to resolve this and avoid it in the future.


    Not really sure what more could have been done here.

    • Official post

    I feel that at this stage of the conversation you coulda' reformatted, reinstalled and been happy with a new clean system.

    Well, if he's smart that's what he's going to do anyway. As was already suggested, no way I'd use a system that had been compromised in this manner.


    That said, if you just reinstall and don't address what allowed this to happen, it's just going to happen again on the new install. I think this thread has narrowed down the likely culprits that he needs to address. Whether he does or not, is up to him.

  • Your original question was a bit disjointed and it appeared you suggested the problem was docker related.

    But it's not true! Someone asked me if I had installed from unknown sources or just containers, and I said “just containers”. I didn't say that the problem was attributable to containers. I just answered a question. Go read the conversation and you'll see that you'll agree with me

  • If you are installing from scratch maybe this will be useful for you. It includes an NPM container already configured and other containers that may be useful to you.

    This is a great help to me. Thank you! In this guide, the installation of containers does not go through portainers, right?

    • Official post

    This is a great help to me. Thank you!

    You are welcome. :thumbup:

    In this guide, the installation of containers does not go through portainers, right?

    No, everything is set up with the compose plugin. No Portainer. You will see it as you progress through the configuration.

    • Official post

    But it's not true! Someone asked me if I had installed from unknown sources or just containers, and I said “just containers”. I didn't say that the problem was attributable to containers. I just answered a question. Go read the conversation and you'll see that you'll agree with me

    Uh, I've read the conversation. In fact I'm pretty sure I showed you exactly from where the infection came. (You didn't secure your domain properly and someone just waltzed right onto your server via Port 80)


    Votdev asked you if you had any idea the source of the infection. Then he asked, "Container or manually installed packages from suspicious sources?"


    To me, and most others here, he was asking where did you think the source of the infection came from... Containers or manually installed packages from suspicious sources.


    You replied, "Containers in Portainer" to me, and most here... you were replying you thought the source of the infection was a Container you had installed via Portainer. You were asked (since by this response, most assumed you had narrowed it down to at least one of the containers you had installed)... "Which container".


    You proceeded to just post a list of all your containers, with no context. gderf replied this was not helpful, because by your previous post, he was operating on the assumption you had narrowed it down to at least one of your containers allowing this, but you didn't bother telling which one it was in the post.


    Now, it's clear you didn't know which container it was, and that's where the misunderstanding began.


    If you read all the responses/replies, you'll see above is exactly what happened.

    • Official post

    This is a great help to me. Thank you! In this guide, the installation of containers does not go through portainers, right?

    I just added some notes in red to that guide to make it easier to change folder names to your language. I think that will be useful in general.

  • I just added some notes in red to that guide to make it easier to change folder names to your language. I think that will be useful in general.

    Thanks

    Can I ask you another question? when I set the "data" folder in docker compose, can I use a folder located on another disk, in particular an external disk?

    • Official post

    Can I ask you another question? when I set the "data" folder in docker compose, can I use a folder located on another disk, in particular an external disk?

    Yeah. But keep in mind that all the settings in that guide are intended for a single drive. If you use several you may have to change more things. You will have to adapt your particular configuration.


  • Agreed. Once again, not trying to be mean or nasty, but at 51 years old, I think the “how to write a response to a question” lessons in school are not being taught anymore or were skipped by many of the 20 and 30 somethings. Clear and concise answers that remove ambiguity are a thing of the past.


    This does not make it easy to do this stuff on a forum.

    • Official post

    Agreed. Once again, not trying to be mean or nasty, but at 51 years old, I think the “how to write a response to a question” lessons in school are not being taught anymore or were skipped by many of the 20 and 30 somethings. Clear and concise answers that remove ambiguity are a thing of the past.


    This does not make it easy to do this stuff on a forum.

    I agree, but with him I think it was a bit more of a language issue.

  • I have the same issue.

    This is a fresh installation of Openmedia Vault.

    Installed using these guides:

    Installation on Debian — openmediavault 6.x.y documentation

    GitHub - OpenMediaVault-Plugin-Developers/installScript: script that installs omv-extras and openmediavault if not installed already.


    I have installed some Plugins and this appears to have been installed by the WebGUI:

  • It is this process:


    Code
    %CPU     PID USER     COMMAND
    771    1284 root     /opt/systemessentials/systemsrvc /opt/systemessentials/config.ini restarts_count 0
  • I have been Running OMV6 for a couple of years on multiple machines, both via the install script and via the iso installer. None of them have that /opt/systemessentials directory


    If you look in that output you posted you will see nanominer, which appears to be part of the docker group. That is indeed a crypto currency miner.


    The question is, what did you install to get it? It isn't part of the normal base installers for OMV, unless someone has hacked the installers to inject this.
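    A defender-side check for the kind of `ps` output posted above, added here as an example and not taken from the thread: it parses lines in the posted column layout (%CPU PID USER COMMAND) and flags entries by CPU load, by binaries running from paths outside the usual system directories, and by known miner names. The trusted-path list, the CPU threshold and the miner-name list are assumptions to tune for your own box; the sample output is constructed to resemble the posted line.

```python
# Constructed sample, imitating the columns the poster showed (not real data).
SAMPLE_PS_OUTPUT = """\
%CPU     PID USER     COMMAND
  0.3       1 root     /sbin/init
771     1284 root     /opt/systemessentials/systemsrvc /opt/systemessentials/config.ini restarts_count 0
 12.0    2210 docker   nanominer -config /home/docker/config.ini
  1.1    3001 www-data /usr/sbin/nginx -g daemon off;
"""

# Assumption: where a stock Debian/OMV host normally runs binaries from.
TRUSTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/", "/var/lib/docker/")
# Assumption: the miner named in the thread plus a couple of common ones; extend as needed.
MINER_NAMES = ("nanominer", "xmrig", "minerd")
# Assumption: anything above one full core is worth a look on an idle NAS.
CPU_THRESHOLD = 100.0


def parse_ps(text):
    """Parse `ps`-style output with columns %CPU PID USER COMMAND into dicts."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split(None, 3)             # COMMAND may contain spaces
        if len(parts) < 4:
            continue
        cpu, pid, user, cmd = parts
        rows.append({"cpu": float(cpu), "pid": int(pid), "user": user, "cmd": cmd})
    return rows


def suspicious(proc):
    """Return the reasons a process deserves a look; an empty list means nothing flagged."""
    reasons = []
    exe = proc["cmd"].split()[0]                # the binary, without its arguments
    name = exe.rsplit("/", 1)[-1]
    if proc["cpu"] >= CPU_THRESHOLD:
        reasons.append("high_cpu")
    if exe.startswith("/") and not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("untrusted_path")        # e.g. a binary dropped under /opt
    if any(m in name.lower() for m in MINER_NAMES):
        reasons.append("known_miner_name")
    return reasons


def scan(text):
    """Map PID -> reasons for every flagged process in the given `ps` output."""
    return {p["pid"]: suspicious(p) for p in parse_ps(text) if suspicious(p)}


if __name__ == "__main__":
    for pid, why in scan(SAMPLE_PS_OUTPUT).items():
        print(pid, why)
```

On a live system feed it `ps -eo %cpu,pid,user,args --sort=-%cpu` output; a hit is a reason to look, not proof, since legitimate services can also run from /opt.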

    • Official post

    I have the same issue.

    This is a fresh installation of Openmedia Vault.

    Installed using these guides:

    You are mentioning two different methods to install OMV. Which one did you actually use?



    I have installed some Plugins

    As BernH also asked: what exactly did you install after installing OMV? Plugins, Docker Container and everything else.

  • The question is, what did you install to get it? It isn't part of the normal base installers for OMV, unless someone has hacked the installers to inject this.


    You are mentioning two different methods to install OMV. Which one did you actually use?



    As BernH also asked: what exactly did you install after installing OMV? Plugins, Docker Container and everything else.


    I always track my installations, so I can repeat this for reinstallations:

    I had no time yesterday, but I did a reinstallation now and followed the same procedure.
    The folder is not there, all fine.

  • I'm a little confused as to your install procedure. OMV has 2 install methods: using the ISO and then installing things like docker via the plugins so that you are not doing things that can break OMV,


    or installing Debian, then using the install script without the manual install things that you seem to have done so that you are not doing things that can break OMV, then installing things like docker via the plugins so that, once again, you are not doing things that can break OMV.


    OMV is not just an application that runs on Debian. It is designed to take over control of some things and track them in its own xml config file. Doing some things outside of OMV can cause problems. You should not really be doing other install things like php and docker first. Just let the install script do what it needs. Docker should be installed via the compose plugin, and messing with php can cause UI problems.


    All additional applications should then be deployed via plugins or docker. There are some things that can be installed via the cli to assist in administration, like ncdu, bpytop/bashtop, iftop, docker-ctop, midnight commander, etc., but these should be few and far between.
