Open elated-emu opened 3 months ago
MESSAGE=IN=fwbr101i0 OUT= PHYSIN=tap101i0 MAC=f8:85:f9:22:5c:16:bc:24:11:42:2b:8e:08:00 SRC=192.168.1.210 DST=114.239.10.95 LEN=93 TOS=0x04 PREC=0x00 TTL=63 ID=8509 DF PROTO=UDP SPT=18175 DPT=30301 LEN=73
What is port 18175? It seems to always hit that one. Different external IP every hit.
No longer getting these notifications. It seems weird since the 1.2.1 update only updated some language stuff from what I saw in the change-log?
I tested this overnight, getting 0 detections over 8 hours.
Right after the update, I got a hit at 08:36 AM and haven't gotten one since.
10:26 AM: The Umbrel password seems to have been changed. I think it is actively being targeted.
10:38 AM: Reverting to an old snapshot confirms that the password was updated. I have reverted to Umbrel 1.2. Going to update again through WebUI. Maybe 1.2.1 changes the password by default?
10:41 AM: I just noticed another hit at the same time I would have restored the snapshot (10:35 AM) to 203.192.198.37.
11:05 AM: The default root password for Umbrel 1.2.1 is "umbrel" regardless of prior setting?!
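The firewall entry quoted at the top of this report is in netfilter LOG format, where SRC/SPT are the sender's address and port and DST/DPT are the receiver's. As an added example (not part of the original thread), this Python script parses such entries and groups outbound traffic by local socket, so one local port reaching many remote hosts shows up as a single row; only the first line of `SAMPLE_LOG` comes from the report, the rest are constructed, and the names `parse_line`, `fan_out`, `is_lan` and `L4_LEN` are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Line 1 is the entry quoted in the report. Lines 2-4 are constructed samples
# (documentation-range destinations) so the grouping has something to group.
SAMPLE_LOG = """\
MESSAGE=IN=fwbr101i0 OUT= PHYSIN=tap101i0 MAC=f8:85:f9:22:5c:16:bc:24:11:42:2b:8e:08:00 SRC=192.168.1.210 DST=114.239.10.95 LEN=93 TOS=0x04 PREC=0x00 TTL=63 ID=8509 DF PROTO=UDP SPT=18175 DPT=30301 LEN=73
MESSAGE=IN=fwbr101i0 OUT= PHYSIN=tap101i0 SRC=192.168.1.210 DST=198.51.100.7 LEN=93 TOS=0x04 PREC=0x00 TTL=63 ID=8510 DF PROTO=UDP SPT=18175 DPT=6881 LEN=73
MESSAGE=IN=fwbr101i0 OUT= PHYSIN=tap101i0 SRC=192.168.1.210 DST=203.0.113.20 LEN=93 TOS=0x04 PREC=0x00 TTL=63 ID=8511 DF PROTO=UDP SPT=18175 DPT=51413 LEN=73
MESSAGE=IN=fwbr101i0 OUT= PHYSIN=tap101i0 SRC=192.168.1.210 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=112 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    """True for RFC 1918 addresses, i.e. a host on the local network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Split one netfilter LOG entry into KEY=value fields plus bare flags (DF, SYN)."""
    fields = {"FLAGS": []}
    for token in line.removeprefix("MESSAGE=").split():
        key, sep, value = token.partition("=")
        if not sep:
            fields["FLAGS"].append(token)
        elif key == "LEN" and "LEN" in fields:
            fields["L4_LEN"] = value  # second LEN is the UDP length, first is the IP length
        else:
            fields[key] = value
    return fields

def fan_out(log_text):
    """Map each local (SRC, PROTO, SPT) socket to the remote (DST, DPT) pairs it sent to."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if not {"SRC", "DST", "PROTO", "SPT", "DPT"} <= f.keys():
            continue  # not a TCP/UDP entry, or a truncated line
        if is_lan(f["SRC"]) and not is_lan(f["DST"]):  # outbound only
            peers[(f["SRC"], f["PROTO"], int(f["SPT"]))].add((f["DST"], int(f["DPT"])))
    return dict(peers)

if __name__ == "__main__":
    for sock, remotes in fan_out(SAMPLE_LOG).items():
        print(sock, "->", len(remotes), "remote endpoints:", sorted(remotes))
```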
Thanks for reporting @elated-emu. I'm going to post our Discord discussion here for proper documentation. Let's keep the discussion over on Discord for now.
qBittorrent thread: https://www.reddit.com/r/qBittorrent/comments/13wltnc/weird_problem_with_qbittorrent/