Web GUI stopped working during Plex optimization process

[Mirakal]

Hi,

I was in the process of optimizing a large 4K Movie when my shares detached and Web GUI stopped working.

Any ideas?

Thanks!

 

[Chris Moore]

Any ideas?

It would be a totally random guess without more information to go on... Please review this:
https://forums.freenas.org/index.php?threads/updated-forum-rules-8-3-16.45124/

As a random guess, I would say the system crashed.

 

[Mirakal]

Thanks, I can ping outside my router which make me think it's not a NIC issue and I can see all my files.

I'm working on providing logs.

 

[Mirakal]

Which logs would be worth looking at the following have been update today in desc order:

• cron
• messages
• uwsgi
• debug
• daemon
• afp
• ngix-access
• ngix-error
• mdnsresponder
• pbid
• middleward
• utx
• user
• auth

Just check, no pool errors, status onlne

 

[Mirakal]

Hmmm.. after 4 reboots it seems to have resolved... wired

 

[Mirakal]

After further investigation, it turns out FreeNAS was being hacked with DDoS attacks. I found the following security issues (see below) I had to shutdown the server :(

Code:

One my FreeNAS ip
Open TCP ports:
80 (http), 139 (netbios-ssn), 445 (microsoft-ds), 548 (afpovertcp), 6000

Open UDP ports:
123 (ntp), 137 (netbios-ns), 138 (netbios-dgm), 5353 (mdns)

The device is vulnerable to hacker attacks. For more info see the corresponding vulnerability ID. An upgrade of the device's software/firmware may fix the issue.
Vulnerability ID:CVE-2017-5674
IP Address: 192.168.15.200

 

[Chris Moore]

After further investigation, it turns out FreeNAS was being hacked with DDoS attacks. I found the following security issues (see below) I had to shutdown the server :(

Your FreeNAS is supposed to live on a private network, behind a firewall, there shouldn't be anything that can reach it to attack it.

 

[Mirakal]

That's what I assumed, but I can ping outside the server.

I've been testing, I shut down my FreeNAS for 48hrs no DDoS....I switched it back on I got (see list below)

Show : List of DDoS catches

Time
Level
Type
Source
Destination
Security Alert
2018-08-14 08:34:08

External Attacks
192.168.1.19
192.168.1.1
WEB Remote File Inclusion /etc/passwd
2018-08-14 08:34:05

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:34:04

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:34:02

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:34:01

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:59

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:58

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:57

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:55

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:54

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:53

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:51

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:50

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:49

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:47

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:46

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:45

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:43

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:42

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:40

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:39

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:38

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:36

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:35

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:34

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:32

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:31

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:30

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:28

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:27

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:26

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:24

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:23

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:21

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:20

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:19

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:17

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:16

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:15

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:13

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:12

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:11

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:09

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:08

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:07

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:05

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:04

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:02

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:01

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:33:00

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:58

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:57

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:56

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:54

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:53

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:52

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:50

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:49

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:48

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:46

External Attacks
192.168.1.19
192.168.1.1
WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
2018-08-14 08:32:44

External Attacks
192.168.1.19
192.168.1.1
WEB Cross-site Scripting -9

 

[danb35]

I switched it back on I got (see list below)

...and what gave you that list? Because that looks like a list of (alleged) vulnerabilities, not a list of currently-ongoing attacks against your server.