
Docker - mining virus

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment.

Postby cheehoong » Sat Feb 29, 2020 12:26 am

I just found out that Docker is running kdevtmpfsi a few minutes after it started.
It makes my Asustor run at full CPU.

kdevtmpfsi is a hijack used to mine cryptocurrency.

Can someone please fix it?

I am running Sonarr, Jackett, and Syncthing on Docker.
AS6302T
cheehoong
 
Posts: 5
Joined: Thu Feb 20, 2020 10:37 pm

Re: Docker - mining virus

Postby father.mande » Sat Feb 29, 2020 6:59 pm

Hi,

For a specialist, Docker is useful if you create your own container (test a new version, create a prototype) AND if you take on the permanent updating of the libraries and scripts inside ...
When you use a pre-created container from the HUB ... no control is done ... and it's at your OWN risk.

Lastly, even if a virus check is done ... crypto mining is not a virus ... it's a normal application ... so it is never identified as a virus ... only the open access (generally a reverse connect) can be (or not) identified.

If you are really interested in containers ... use tools where you have full control (like LXC or direct namespace management) so you keep a very large % of control over what is inside.
Or if you like and want to use Docker (even with its own internal security holes) ... create the container yourself ... it's described as difficult (for selling services) when in reality it's easy if you have a minimum of Linux administration skills (some free student courses exist on the Web).

So the best solution is to TRASH the bad container and all dependencies (some containers work with other containers started hidden), and search for another HUB and verify that it's not the same one under another name.

Philippe.
NB: I am a user so you can trash this advice, but I have used Docker, LXC and namespaces on multiple NAS (and wrote some tool-book for another NAS brand) ... and today I build my own isolated environments like the myHD APKG (an isolated Ubuntu 18.04 env.) or use LXC.
AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
father.mande
 
Posts: 1024
Joined: Sat Sep 12, 2015 2:55 am

Re: Docker - mining virus

Postby cheehoong » Tue Mar 03, 2020 3:17 pm

Hi Philippe.

Thanks for your reply. It is really helpful.
After doing some reading and some tests on Docker and myHD, I will give myHD a try. My point of view is that Docker takes too much work on the security side.

BTW, how's your 3D printer? I am doing a 3D printer design with a changeable nozzle.
AS6302T
cheehoong
 
Posts: 5
Joined: Thu Feb 20, 2020 10:37 pm

Re: Docker - mining virus

Postby father.mande » Tue Mar 03, 2020 5:50 pm

Hi,
cheehoong wrote: BTW, how's your 3D printer? I am doing a 3D printer design with a changeable nozzle.

Not so bad ... I have succeeded in printing (to replace some broken pieces) and, even though I am still a newbie in this area, I have made some progress in understanding all the possibilities and configuration (and it's very large).
Even if it's not the place, when you progress, don't hesitate to provide a link to your work ... it's a difficult challenge.

For my part, I have restarted from the first version of the Octoprint APKG to rebuild the V 2 (after a full crash of my only Asustor x86_64 and, at the same time, an irrecoverable error in the backup) ... Murphy's Law.
... so I can deliver it in a short time (even though my AS5002T (restarted) has some strange erratic problems ... ) :
... ... support of multiple printers (not only Ender) with one NAS running prints at the same time ... (the interest of a powerful NAS is to have a single control center)
... ... support of multiple UVC webcams as Octoprint control
... ... full support of plugins (with an integrated slicer: Legacy Cura Engine)
... ... internal update of Octoprint supported.
... ... etc.
... also I have changed some parts to be more compliant with the Asustor NAS ARM series (to be able to use an Asustor NAS other than an x86_64 model).

BUT all is just restarting ... so ...

Philippe.
AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
father.mande
 
Posts: 1024
Joined: Sat Sep 12, 2015 2:55 am

Re: Docker - mining virus

Postby sandro_rocha » Mon May 18, 2020 9:10 am

father.mande wrote: Hi,

For a specialist, Docker is useful if you create your own container (test a new version, create a prototype) AND if you take on the permanent updating of the libraries and scripts inside ...
When you use a pre-created container from the HUB ... no control is done ... and it's at your OWN risk.

Lastly, even if a virus check is done ... crypto mining is not a virus ... it's a normal application ... so it is never identified as a virus ... only the open access (generally a reverse connect) can be (or not) identified.

If you are really interested in containers ... use tools where you have full control (like LXC or direct namespace management) so you keep a very large % of control over what is inside.
Or if you like and want to use Docker (even with its own internal security holes) ... create the container yourself ... it's described as difficult (for selling services) when in reality it's easy if you have a minimum of Linux administration skills (some free student courses exist on the Web).

So the best solution is to TRASH the bad container and all dependencies (some containers work with other containers started hidden), and search for another HUB and verify that it's not the same one under another name.

Philippe.
NB: I am a user so you can trash this advice, but I have used Docker, LXC and namespaces on multiple NAS (and wrote some tool-book for another NAS brand) ... and today I build my own isolated environments like the myHD APKG (an isolated Ubuntu 18.04 env.) or use LXC.

I installed Docker-CE and didn't do anything else, didn't download or install any images, didn't start any containers and, a few hours later, there were four containers running. What explains that? Either the version available for the AS1002T is compromised or there is a security breach that allows external control.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am
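
A check for the two situations reported in the posts above (a container running kdevtmpfsi, and containers nobody started), as an added example that is not part of the thread: it compares a container list against the names you expect and looks for the kdevtmpfsi process name. The expected container names, image names and sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: all names and sample rows below are constructed.
# Container names you deliberately run (assumption: named after the apps
# listed in the first post). Leave empty if you never started any.
EXPECTED="sonarr jackett syncthing"
TAB="$(printf '\t')"

# stdin: one "name<TAB>image<TAB>status" row per container, as printed by
#   docker ps -a --format '{{.Names}}\t{{.Image}}\t{{.Status}}'
# stdout: rows for containers whose name is not in EXPECTED.
unexpected_containers() {
    while IFS="$TAB" read -r name image status; do
        [ -n "$name" ] || continue
        case " $EXPECTED " in
            *" $name "*) ;;                              # known, skip
            *) printf '%s\t%s\t%s\n' "$name" "$image" "$status" ;;
        esac
    done
}

# stdin: a process listing (`docker top <name>` or `ps` output).
# Returns 0 if a process called kdevtmpfsi is present. The real kernel
# thread is kdevtmpfs (no trailing "i") and must not match.
has_miner_process() {
    grep -Eq '(^|[/[:space:]])kdevtmpfsi([[:space:]]|$)'
}

# Constructed sample data standing in for live docker output.
sample_containers() {
    printf 'sonarr\texample/sonarr:latest\tUp 3 hours\n'
    printf 'syncthing\texample/syncthing:latest\tUp 3 hours\n'
    printf 'hopeful_abc\texample/ubuntu:latest\tUp 12 minutes\n'
}
sample_top() {
    printf 'UID   PID   PPID  CMD\n'
    printf 'root  2     0     [kdevtmpfs]\n'
    printf 'root  4312  4290  /tmp/kdevtmpfsi\n'
}

echo "Containers not in the expected set:"
sample_containers | unexpected_containers
if sample_top | has_miner_process; then
    echo "kdevtmpfsi found in process listing"
fi
```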

Re: Docker - mining virus

Postby ilike2burnthing » Mon May 18, 2020 9:26 am

Have you tried changing the password for your NAS?
ilike2burnthing
 
Posts: 96
Joined: Thu Apr 09, 2020 8:01 pm

Re: Docker - mining virus

Postby sandro_rocha » Mon May 18, 2020 1:09 pm

ilike2burnthing wrote: Have you tried changing the password for your NAS?

I recently changed the password. I am going through continuous invasion attempts via Samba and SSH, which forced me to change my password. I don't know what's going on, but fortunately ADM Defender is doing the locks automatically. I wanted to know what the problem is.

PS: In what way would changing the password help with the Docker problem?
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: Docker - mining virus

Postby ilike2burnthing » Mon May 18, 2020 1:23 pm

Well, if someone has remote access to your NAS, they can do whatever they want, including adding malicious Docker containers.
ilike2burnthing
 
Posts: 96
Joined: Thu Apr 09, 2020 8:01 pm

Re: Docker - mining virus

Postby sandro_rocha » Mon May 18, 2020 10:59 pm

ilike2burnthing wrote: Well, if someone has remote access to your NAS, they can do whatever they want, including adding malicious Docker containers.

According to ADM Defender, intrusion attempts are being blocked, so I don't think that is the cause of Docker's compromise. If someone had access to my NAS, I would not be warned of intrusion attempts and the attacker could reinstall Docker, which has not happened yet. My question is how I can resolve the situation: the Docker issue and the invasion attempts. I already changed the password, ClamAV is not working (an unrelated problem reported by other users) and I do not know how to solve the issue of Docker and the invasion attempts. Need help.
sandro_rocha
 
Posts: 34
Joined: Wed Feb 05, 2020 10:49 am

Re: Docker - mining virus

Postby ilike2burnthing » Mon May 18, 2020 11:29 pm

I'd suggest opening a support ticket - https://support.asustor.com/index.php?/Tickets/Submit
ilike2burnthing
 
Posts: 96
Joined: Thu Apr 09, 2020 8:01 pm
