Started w/ losing access to shares, now cannot even boot



from the 'readme' I appear to be running 5.0.4

 

Everything has been absolutely fine from the beginning and obviously by the old version I am running I have not had to mess with it.

Just this past week or two I have had XBMC stop during playback and report it cannot access the file(s). At first I thought it was a router issue because I was using a wireless HTPC when it was happening. Resetting the router etc.... Happens on my wired HTPCs too. On my main computer where the shares are listed as drive letters they were X'ed out with a big red X. I see this when I reboot Win7 but clicking on them clears the X... Not this time. It has required a reboot of unRAID. Oddly enough, I am able to do this from my browser interface. I can spin down disks, spin them up (I can hear them). I even did a syslog. Everything appears to be working except I cannot access the shares from my computers.

 

It seemed like the reboot was hanging or not working right so I threw a monitor on it and noticed some things during bootup. So I took a video so I could report it:

 

wget: unable to resolve host address 'slackware.org.uk'

 

hangs 10 seconds then

 

gzip: stdin: unexpected end of file

 

hangs almost a full minute before finishing boot

at top it says

 

chmod: cannot access 'var/log/utmp': No such file or directory

Package utempter-1.1.4-i486-1.tgz installed.

 

at the bottom it says

Welcome to Linux 3.9.11p-unRAID (tty1)

 

tower Login:

 

So it just went two days without re-occurrence until last night it did it while no one was watching anything on the HTPCs. I noticed the red X's in an explorer window while working on other stuff on my main PC.

So I captured a syslog before rebooting this time. Rebooted the server via the interface and went to bed. This morning the server failed to boot. I have no idea how to get any kind of syslog from this event but I did note a few things. Tried to reboot via power switch and same thing happens.

 

ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20130117/hwxface-568)

ACPI: (supports S0 S3 S5)

ACPI: Using IOAPIC for interrupt routing

...

PCI: Using MMCONFIG for extended config space

PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug

...

pci 0000:00:04.0: System wakeup disabled by ACPI

pci 0000:00:10.0: System wakeup disabled by ACPI

pci 0000:00:10.1: System wakeup disabled by ACPI

 

 

 

System info below.

 

Flash Drive for unRAID operating system

SanDisk Cruzer Fit 4 GB USB Flash Drive SDCZ33-004G-B35

MB

GIGABYTE GA-F2A85XM-D3H FM2 AMD A85X (Hudson D4) HDMI SATA 6Gb/s USB 3.0 Micro ATX AMD Motherboard

PCI Express 2.0 x16 2 (x16, x4)

SATA 6Gb/s 8 x SATA 6Gb/s

CPU

AMD A4-5300 Trinity 3.4GHz (3.6GHz Turbo) Socket FM2 65W Dual-Core Desktop APU (CPU + GPU) with DirectX 11 Graphic AMD Radeon HD 7480D AD5300OKHJBOX

RAM

G.SKILL Ripjaws X Series 4GB (2 x 2GB) 240-Pin DDR3 SDRAM DDR3 1866 (PC3 14900) Desktop Memory Model F3-14900CL9D-4GBXM

Parity WD4001FAEX-00MJRA0

Disk 1 WD30EFRX-68AX9N0

Disk 2 WD2002FAEX-007BA0

Disk 3 WD2002FAEX-007BA0

Disk 4 WD2002FAEX-007BA0

Disk 5 WD40EFRX-68WT0N0

(no cache drive)

 

last parity check was June 02 2015 0 errors

syslog.2015.07.26_can_not_access_shares.txt.zip

Link to comment

Thanks for the reply, which part of my description was not clear?

No red dots on the drives or anything obvious to alert me to what the problem might be. I am guessing it might be with an add-on since it works in safe mode. However, since it has worked fine for so long without messing with the software... I do wonder if it is a hardware issue.

unRaid_Scn_copy.jpg.1440469036b9e05c444aed0d4ee67367.jpg

Link to comment

Oh yeah, can you point out the relevant section of the syslog with the suspicious connection attempts?

Second, I rebooted to run memtest and I guess I was not fast enough; my 3yr old unplugged the keyboard... unRAID just booted up in regular mode ???  :-\

Most of your syslog starting with

Jul 24 12:20:39 0Kcorral in.telnetd[3934]: connect from 60.3.32.64 (60.3.32.64)

and continuing until the end

Jul 26 01:21:17 0Kcorral login[4792]: invalid password for 'UNKNOWN'  on '/dev/pts/0' from '78-82-169-146.tn.glocalnet.net'

look very suspicious. Some of these lines even suggest successful login to the ROOT account of your server.

 

Have you tried to make it accessible from the internet for some reason?

Link to comment

Who knows WHAT I might have thought was a good idea back then. I might have made it internet accessible.

 

Sounds like I need to upgrade to version 6.x but do it in a clean install that preserves my array (i.e. I keep my data intact)? (As if I was upgrading from a version 4.x)?

 

Ran memtest overnight and it passed.

From this I found an interesting tidbit... I can start unRAID from a shutdown/power off state but any type of reboot fails to boot. Based on what I see on the screen (reported in orig. post) it seems to think it is coming out of an unsupported sleep state ? IDK, this is a bit over my head.

Link to comment

The first thing you should do is secure your local network. How is the server connected to the internet?
Link to comment

Agreed.

It's connected through a router. I didn't have any passwords on the unRAID though. All of my Windows PCs have firewalls on them. I thought the router was enough (hardware firewall). Really didn't think about the unRAID box needing a firewall - and don't know how because when it comes to Linux I am pretty much a cripple.

 

What do you suggest?

Also, just want to thank you again for taking your time to help me out.

Link to comment

Your router should be the firewall for your whole network. What is it and how is it configured? Most routers are configured correctly by default and you have to take some trouble to configure it to allow incoming traffic. It shouldn't be allowing telnet from random IP addresses.
Link to comment

Just double-checked my router settings; all are as I left them, with the usual recommended securest settings. Sorry, my post probably sounded like I did not know how to configure a router.

 

That telnet from an IP in Sweden (probably a VPN) baffles me. I looked through the unRAID settings and didn't see anything allowing remote access unless I did it in unMenu ?

 

From reading the syslog do you think the router was penetrated (which is what I think you are saying) or was it that I have some setting in unRAID allowing remote access? Both?

 

Going to have a look at unMenu next. Everything takes forever now with a 3yr old and a newborn in the house.

Link to comment

Didn't see anything in unMenu as far as installed packages goes but I did notice the last 6 lines of the syslog. Also, unMenu showed that SMB had stopped, thus disks would be inaccessible, whereas the GUI did not.

 

System Log (last 6 lines)  Legend => Errors Minor Issues Lime Tech unRAID engine System Drive related Network Logins Misc Other emhttp 
Jul 28 12:22:19 0Kcorral in.telnetd[5042]: connect from 121.236.106.111 (121.236.106.111)
Jul 28 12:22:21 0Kcorral telnetd[5042]: ttloop: peer died: EOF 
Jul 28 12:22:31 0Kcorral in.telnetd[5043]: connect from 119.32.53.157 (119.32.53.157)
Jul 28 12:22:31 0Kcorral telnetd[5043]: ttloop: peer died: EOF 
Jul 28 12:27:58 0Kcorral in.telnetd[5044]: connect from 119.32.53.157 (119.32.53.157)
Jul 28 12:28:00 0Kcorral telnetd[5044]: ttloop: peer died: EOF

Jul 28 12:22:31 0Kcorral telnetd[5043]: ttloop: peer died: EOF 
Jul 28 12:27:58 0Kcorral in.telnetd[5044]: connect from 119.32.53.157 (119.32.53.157)
Jul 28 12:28:00 0Kcorral telnetd[5044]: ttloop: peer died: EOF 
Jul 28 12:47:48 0Kcorral in.telnetd[5287]: connect from 188.154.107.218 (188.154.107.218)
Jul 28 12:51:04 0Kcorral kernel: NTFS driver 2.1.30 [Flags: R/W MODULE].
Jul 28 12:51:36 0Kcorral unmenu[3094]: which: no bwm-ng in (/bin:/sbin:/usr/bin:/usr/sbin)

 

I cannot understand how these connections could be happening unless they are coming from (being allowed by) unRAID. Anything is possible but it does not SEEM likely to be due to my router being penetrated. Anyone have thoughts on this? I will buy a new router today if I need to but...

Link to comment
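A way to run the syslog check discussed in this thread, as an added example that is not part of any post: it pulls the `in.telnetd` connect lines and failed `login` lines out of a syslog and keeps only sources outside the LAN. The sample lines are the ones quoted in the posts plus one constructed LAN line; the regular expressions and function names are assumptions written for this log format.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines quoted in the posts above, plus one constructed
# LAN connection (192.168.1.20) to show that local traffic is ignored.
SAMPLE = """\
Jul 24 12:20:39 0Kcorral in.telnetd[3934]: connect from 60.3.32.64 (60.3.32.64)
Jul 26 01:21:17 0Kcorral login[4792]: invalid password for 'UNKNOWN'  on '/dev/pts/0' from '78-82-169-146.tn.glocalnet.net'
Jul 28 12:22:19 0Kcorral in.telnetd[5042]: connect from 121.236.106.111 (121.236.106.111)
Jul 28 12:22:31 0Kcorral in.telnetd[5043]: connect from 119.32.53.157 (119.32.53.157)
Jul 28 12:27:58 0Kcorral in.telnetd[5044]: connect from 119.32.53.157 (119.32.53.157)
Jul 28 12:30:00 0Kcorral in.telnetd[5050]: connect from 192.168.1.20 (192.168.1.20)
"""

# in.telnetd logs "connect from <name> (<address>)"; use the address.
CONNECT = re.compile(r"in\.telnetd\[\d+\]: connect from \S+ \(([^)]+)\)")
BAD_LOGIN = re.compile(r"login\[\d+\]: invalid password for '([^']*)'.* from '([^']+)'")


def is_lan(address):
    """True for RFC 1918, loopback and link-local sources."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an IP literal: count it as external
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(text):
    """Return (Counter of non-LAN telnet sources, list of failed logins)."""
    external, failed = Counter(), []
    for line in text.splitlines():
        m = CONNECT.search(line)
        if m and not is_lan(m.group(1)):
            external[m.group(1)] += 1
        m = BAD_LOGIN.search(line)
        if m:
            failed.append(m.groups())
    return external, failed


if __name__ == "__main__":
    external, failed = triage(SAMPLE)
    for src, n in external.most_common():
        print(f"telnet from outside the LAN: {src} x{n}")
    for user, origin in failed:
        print(f"failed login for {user!r} from {origin}")
```

Any non-LAN source in the first list means TCP port 23 on the server is reachable from the internet, which points at the router's forwarding, DMZ or UPnP settings rather than at the server.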

Is there more than one router? The router is between the Internet and your server. Any traffic reaching the server from the Internet is passing through the router. There is no way the server is allowing Internet-sourced traffic on your LAN. The router is allowing hackers to access your unsecured server. Reset the router to its default settings using the hardware reset and then change the passwords.

Link to comment
