× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

RN316- Curious on getting hacked or just system error/disk error

FeliC
Aspirant

RN316- Curious on getting hacked or just system error/disk error

Things before situation happened that i think is related:

Version :6.10.7

Antivirus on(Protect ReadyNas OS)

IPv6 disabled

Streaming applications disabled wan connection

Router (blocked all traffic which output to wan) with no vpn profile enabled

3 Disks with Raid 5(Following is Diagnostics):

   Disk 1 has 1XX Reallocated Sectors
   Disk 1 has 1XX Reallocation Events
   Disk 1 has 1 Command Timeouts(not sure)
   Disk 5 has 8XX~9XX Reallocated Sectors
   Disk 5 has 8XX~9XX Reallocation Events

   (Planned to buy reserve disk later)

   Volume root is 7X%~8X% full

1 normal user ac and 1 user admin ac are allowed to use SSH before reboot

It could be making snapshot at about time as i remembered

(Shouldn't be related but still mention) In the past, i installed emby server using root ac (idk this will cause problem before).So volume root was fulled once before. And i am now sure that is installed using my user admin environment.(Btw,why it won't displayed on Admin page)

 

Just before , i tried to stream video(by plex) form nas severely but all got error caused and computer side software terminated itself.
Then, tried to get in admin page but all get login incorrect messages(i tried all my password combo(i know not recommend)).

So i think system bugged and use power button to reboot.

During reboot , it got jammed at progress 88%. I tried to log in admin page but stuck in loading.

I suddenly think out it may get hacked before, so i log into router to block all wan network to my RN.

Few minutes later, boot complete. Antivirus got disabled, history/logs before reboot disappear.

 

After above happened,I use Diagnostics function in RAIDar:

Disk 1 has 195 Reallocated Sectors
Disk 1 has 195 Reallocation Events
Disk 1 has 1 Command Timeouts
Disk 5 has 984 Reallocated Sectors
Disk 5 has 984 Reallocation Events
Volume root is 99.76% full
/var is consuming 2272 MB

 

I want to locate what the problem is.Also how to recover logs to analyze? As i am not very familiar to unix-like system cmd

If any attachment is needed to analyze,feel free to ask👌Appreciate if anyone can help

Message 1 of 4

Accepted Solutions
Sandshark
Sensei

Re: RN316- Curious on getting hacked or just system error/disk error

Did you install via SSH?  If so, you had to use sudo, which makes you temporary root.  But that's not what really matters.  Linux normally installs to the root volume.  With the size limitation of ReadyNASOS OS partition, that's problematic with some apps.  If you install a standard Linux .deb package from SSH, you should create a directory in /apps (which is on your data volume, though there is a symbolic link to it in root).  Then move any files the app creates (or any location to which it will store data) in there, then create a symbolic link to the /apps folder in place of the original folder in root.

View solution in original post

Message 4 of 4

All Replies
Sandshark
Sensei

Re: RN316- Curious on getting hacked or just system error/disk error

PLEX will notoriously leave transcoding fragments in the root volume if anything goes awry.  Having a root volume that full is definitely part of, if not all, the problem.  And those drives with so many bad sectors are a timebomb.  If you don't have a current backup, you need to make one now.  With two drives probably on the brink of failure, you risk the second failing while a replacement for the first re-syncs, and that will kill your volume.

Message 2 of 4
FeliC
Aspirant

Re: RN316- Curious on getting hacked or just system error/disk error

--update--

Confirmed that emby-server filled volume root in /var

Now i am curious why i use user admin to install but will still use root environment

Message 3 of 4
Sandshark
Sensei

Re: RN316- Curious on getting hacked or just system error/disk error

Did you install via SSH?  If so, you had to use sudo, which makes you temporary root.  But that's not what really matters.  Linux normally installs to the root volume.  With the size limitation of ReadyNASOS OS partition, that's problematic with some apps.  If you install a standard Linux .deb package from SSH, you should create a directory in /apps (which is on your data volume, though there is a symbolic link to it in root).  Then move any files the app creates (or any location to which it will store data) in there, then create a symbolic link to the /apps folder in place of the original folder in root.

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 1120 views
  • 0 kudos
  • 2 in conversation
Announcements