
HELP I HAVE BEEN HACKED


Cyberbob2021


Cyberbob2021
3 minutes ago, rbjtech said:

Exactly - and this is why I mentioned caution on the Auto upgrade - there is always the possibility of introducing new vulnerabilities - they can come from both poor internal QA (as in the case of your QNAP example) or via supply chain interception such as the SolarWinds hack.

My personal view is do not upgrade automatically unless there is good reason to do so - i.e. if a Critical patch is released to resolve a ZeroDay, then I review, install and monitor.  If there is a patch for 'generic enhancements' then I will wait until it has been out there a couple of weeks or may choose to not install it at all using the 'if it ain't broke' policy.. 🤣

Yes, I do like the "if it isn't broke" policy. As for the dots, I'm guessing it means a lot of attacks :)


Almost all the NAS units I remote into and help people with are connected directly to the Internet and have the easy remote network vendor crap turned on.  I myself would never allow that but instead would have a VPN set up (I use WireGuard) that you log into first using 2FA.  It's an extra step when remote but is well worth it.

What I've never seen people do that I remote in and help with is have their servers/NASes sandboxed with both inbound & outbound firewall control.  That allows you to catch/deny any outgoing requests from software that you haven't authorized.  It helps to not run Docker or 3rd party apps on your storage machine as well but to use it more like a "server".   You can then set up Docker on another machine or run them on a couple of Pi 4s or something for tighter control with no access to your massive storage.


Cyberbob2021
On 03/12/2021 at 15:32, cayars said:

Almost all the NAS units I remote into and help people with are connected directly to the Internet and have the easy remote network vendor crap turned on.  I myself would never allow that but instead would have a VPN set up (I use WireGuard) that you log into first using 2FA.  It's an extra step when remote but is well worth it.

What I've never seen people do that I remote in and help with is have their servers/NASes sandboxed with both inbound & outbound firewall control.  That allows you to catch/deny any outgoing requests from software that you haven't authorized.  It helps to not run Docker or 3rd party apps on your storage machine as well but to use it more like a "server".   You can then set up Docker on another machine or run them on a couple of Pi 4s or something for tighter control with no access to your massive storage.

Yes, I've made a lot of changes now, all seems good, and used the freezer trick to get some movies back. It was more hassle than anything else in the end. New problem now mind you, but I can live with it: my main screen no longer updates with added media. Fingers crossed it either works on an update, or I'll wait back up Emby & reinstall it. Thanks to suggestions here, I used the screen guard place too :). Made new backups of the library as well, and used a lot of suggestions here too. Thanks to all that commented.


Hi,

Login to your machine via SSH and use this command:

sudo sysctl -p # re-read config

That will display a few environmental settings used. We are interested in these two settings.  Default settings I believe are 8196 and 128 which are too low for a media server.
fs.inotify.max_user_watches
fs.inotify.max_user_instances

To reset these values use:

echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf
echo fs.inotify.max_user_instances=1000 | sudo tee -a /etc/sysctl.conf

Now run the command above again to look at the values.
That should have changed the watches and instances both for the current session and for restart BUT Synology likes to overwrite admin changes from time to time and almost always when you do a DSM update.

The simple workaround to this is using the Task Schedule in Control Panel on DSM.  Create an "on boot" schedule owned by root that runs every time you restart the box.  Put any command there you want to run on startup so in this case add these two lines:

sysctl fs.inotify.max_user_watches=524288
sysctl fs.inotify.max_user_instances=1000

Done.  You can also run just those last two commands from the prompt with sudo in front to set them only for the current session (i.e. testing).

Once you have these changed to proper numbers, restart Emby Server and it should now receive inotify messages from the OS.

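A drift check for the two inotify limits set in the post above, useful because it notes that DSM can overwrite them. This is an added example, not part of the original post: the function names and status words are made up for illustration, and it assumes the `key = value` format of sysctl.conf and the Linux /proc/sys layout.

```shell
#!/bin/sh
# Added example: drift check for the two inotify limits from the post above.
# Paths are parameters so the functions can be tried on copies first.

# conf_value FILE KEY: print the last value assigned to KEY in a
# sysctl.conf-style file (later lines win, '#' and ';' comments skipped).
conf_value() {
    [ -r "$1" ] || return 0
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) last = v }
        END { if (last != "") print last }' "$1"
}

# live_value ROOT KEY: read the running value, e.g. ROOT=/proc/sys and
# KEY=fs.inotify.max_user_watches -> /proc/sys/fs/inotify/max_user_watches
live_value() {
    cat "$1/$(printf '%s' "$2" | tr . /)" 2>/dev/null || true
}

# check_limit CONF ROOT KEY WANT: print one status word.
#   ok          running and persisted values both match WANT
#   not-applied persisted in CONF but the running kernel value differs
#   not-saved   running value matches but CONF would not restore it
#   reset       neither matches (e.g. after an update rewrote the settings)
check_limit() {
    saved=$(conf_value "$1" "$3")
    live=$(live_value "$2" "$3")
    if [ "$live" = "$4" ] && [ "$saved" = "$4" ]; then echo ok
    elif [ "$saved" = "$4" ]; then echo not-applied
    elif [ "$live" = "$4" ]; then echo not-saved
    else echo reset
    fi
}

# ensure_conf FILE KEY WANT: append KEY=WANT only if the effective value
# in FILE differs, so repeated runs do not pile up duplicate lines.
ensure_conf() {
    if [ "$(conf_value "$1" "$2")" != "$3" ]; then
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# Usage on the NAS itself (run as root):
#   check_limit /etc/sysctl.conf /proc/sys fs.inotify.max_user_watches 524288
#   check_limit /etc/sysctl.conf /proc/sys fs.inotify.max_user_instances 1000
```

Anything other than `ok` after a DSM update means the limits need to be reapplied before Emby Server is restarted.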
