Posts by wyild1

    Thanks for the update voltdev... but they didn't use root cron (unless I misunderstand what you are saying). It was a regular user that had their cron replaced.
    I'm just concerned how they got past the login on the WebUI to do this if this isn't an exploit/problem. The admin login password was not the default.

    Thanks subzero79 for that page. Looking at the bug report on that page, it says it wouldn't be fixed. Guess that still brings me back to my question... I think this is still exploitable if you don't lock down your webpage. And how did they get in if I had changed those login accounts on the webpage?


    And you're right ryecoaaron, I shouldn't have had that exposed to the internet if I didn't have at least a second login (htpassword), so that's my mistake and it's been corrected.


    Just thought I would ask... but no worries, I'll just hope it won't happen again.


    Cheers!

    Hi there


    I just had my crontab for my main non-root user replaced with something that installed a miner on my server. I saw there were 2 HTTP POST commands in my nginx logs at the exact same time that the syslog showed the crontab being replaced. Nothing in my ssh logs either to show entry into my server.


    I found this exploit online, so I'm curious if this has been fixed? I'm leaning towards this was the point of entry. I disabled port 80 from the outside, reset my passwords and ran rootkit scanners and found nothing, so hopefully I mitigated it. I have a website on 443 but nothing happened with that from what I can see in the logs.


    Using OMV 3.0.96


    https://www.cvedetails.com/cve/cve-2013-3632 - The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.


    Cheers!
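Added example, not part of the original post and not OpenMediaVault code: one way to repeat the check described in the post above, pairing web-server POST requests with a crontab replacement logged at the same moment. The log lines are constructed samples, the `/rpc.php` path is taken from the CVE text, and the code assumes both logs use the same timezone and that the caller supplies the year that syslog omits.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the post); IPs are documentation ranges.
NGINX_LOG = """\
203.0.113.7 - - [12/Jan/2018:03:14:06 +0000] "POST /rpc.php HTTP/1.1" 200 512 "-" "curl/7.52.1"
203.0.113.7 - - [12/Jan/2018:03:14:07 +0000] "POST /rpc.php HTTP/1.1" 200 87 "-" "curl/7.52.1"
198.51.100.4 - - [12/Jan/2018:09:30:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""
SYSLOG = """\
Jan 12 03:14:07 nas crontab[4211]: (root) REPLACE (alice)
Jan 12 03:15:01 nas CRON[4230]: (alice) CMD (/home/alice/backup.sh)
"""

NGINX_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
SYSLOG_RE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ crontab\[\d+\]: \((\S+)\) REPLACE \((\S+)\)')

def parse_posts(text):
    """Yield (time, client_ip, path) for every POST in a combined-format access log."""
    for line in text.splitlines():
        m = NGINX_RE.match(line)
        if m and m.group(3) == "POST":
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts.replace(tzinfo=None), m.group(1), m.group(4)

def parse_replacements(text, year):
    """Yield (time, target_user) for every crontab REPLACE entry in syslog."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(3)

def correlate(nginx_text, syslog_text, year, window_s=5):
    """Return crontab replacements that have POST requests within window_s seconds."""
    posts = list(parse_posts(nginx_text))
    hits = []
    for when, user in parse_replacements(syslog_text, year):
        near = [(ip, path) for ts, ip, path in posts
                if abs((when - ts).total_seconds()) <= window_s]
        if near:
            hits.append({"user": user, "time": when.isoformat(), "requests": near})
    return hits

if __name__ == "__main__":
    for hit in correlate(NGINX_LOG, SYSLOG, 2018):
        print(hit)
```

A crontab replacement with no matching request is not reported, so an empty result only means the web UI was not hit inside the chosen window.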

    It took me several attempts to upgrade OMV 2.x to 3.x. In the end I had to remove every plugin from OMV 2.x before I could get the upgrade to complete successfully and boot into a working OMV 3.x.
    I almost gave up trying to upgrade, but I had so much other stuff installed and running on my OMV 2.x machine that doing a fresh install of 3.x and then replicating all those other things looked extremely unattractive.


    When I experimented with upgrading to 3.x it was always on an identical copy on my 2.x 16GB SSD. I still have the original in case I ever need to go back to it for some reason.


    Good luck with your upgrade, and always operate on a copy of your existing 2.x installation. Every failed attempt I had rendered it non-bootable and when I was able to fix that, it was still mangled beyond repair.

    Thank you for the tips!
    Like you, I also run a lot more things on my server than just OMV, so ya this should be interesting :)


    Cheers!

    Ryecoaaron is correct. You need to do the xauth after logging in. This should work for you (just used gparted this weekend)


    ssh -X into the server
    type "xauth list" to get the list of keys
    sudo su - to change to root
    type "xauth add" and the key from the previous command to add it to the list
    enjoy your xsession


    Cheers!