top | item 45345755 (no title) anotherlogin448 | 5 months ago OP got compromised there's no issue in any hotio container.Code and CI is all open source. discuss order hn newest thephyber|5 months ago My money is on the author had not updated their docker image version/tag in over 2 years.It looks like the app used weak hard-coded admin credentials back then. Appears to have been fixed in 2023. wok4899|5 months ago I am running, ghcr.io/hotio/qbittorrent:release-5.1.1 load replies (1) wok4899|5 months ago I never have exposed this container to the world ever, and my server do report the existence of such binary. That is the reason based on CPU usage I suspect that mining never triggered.> ps -ef | grep netservlet > root 3708105 3665360 0 08:06 pts/2 00:00:00 grep netservlet thephyber|5 months ago Edit: absolutely make sure you are running the newest version of the image. It patches security issues in the app.Read this article:https://torrentfreak.com/qbittorrent-web-ui-exploited-to-min...It mentions the app will use uPnP to expose itself automatically.Remember that BitTorrent protocol is P2P, so it likely is accessible from the internet.My suggestion is to wipe the image, update pull/run the newest version, and change the admin credentials after it starts up. iogjoertsnbu|5 months ago that's just grep showing you your own grep process lol. you can do ps -ef | grep foobarbaroof and get the same thing... load replies (1) bakugo|5 months ago How long have you been running this container?Can you check the contents of your qBittorrent.conf?
thephyber|5 months ago My money is on the author had not updated their docker image version/tag in over 2 years.It looks like the app used weak hard-coded admin credentials back then. Appears to have been fixed in 2023. wok4899|5 months ago I am running, ghcr.io/hotio/qbittorrent:release-5.1.1 load replies (1)
wok4899|5 months ago I never have exposed this container to the world ever, and my server do report the existence of such binary. That is the reason based on CPU usage I suspect that mining never triggered.> ps -ef | grep netservlet > root 3708105 3665360 0 08:06 pts/2 00:00:00 grep netservlet thephyber|5 months ago Edit: absolutely make sure you are running the newest version of the image. It patches security issues in the app.Read this article:https://torrentfreak.com/qbittorrent-web-ui-exploited-to-min...It mentions the app will use uPnP to expose itself automatically.Remember that BitTorrent protocol is P2P, so it likely is accessible from the internet.My suggestion is to wipe the image, update pull/run the newest version, and change the admin credentials after it starts up. iogjoertsnbu|5 months ago that's just grep showing you your own grep process lol. you can do ps -ef | grep foobarbaroof and get the same thing... load replies (1) bakugo|5 months ago How long have you been running this container?Can you check the contents of your qBittorrent.conf?
thephyber|5 months ago Edit: absolutely make sure you are running the newest version of the image. It patches security issues in the app.Read this article:https://torrentfreak.com/qbittorrent-web-ui-exploited-to-min...It mentions the app will use uPnP to expose itself automatically.Remember that BitTorrent protocol is P2P, so it likely is accessible from the internet.My suggestion is to wipe the image, update pull/run the newest version, and change the admin credentials after it starts up.
iogjoertsnbu|5 months ago that's just grep showing you your own grep process lol. you can do ps -ef | grep foobarbaroof and get the same thing... load replies (1)
bakugo|5 months ago How long have you been running this container?Can you check the contents of your qBittorrent.conf?
thephyber|5 months ago
It looks like the app used weak hard-coded admin credentials back then. Appears to have been fixed in 2023.
wok4899|5 months ago
wok4899|5 months ago
> ps -ef | grep netservlet > root 3708105 3665360 0 08:06 pts/2 00:00:00 grep netservlet
thephyber|5 months ago
Read this article:
https://torrentfreak.com/qbittorrent-web-ui-exploited-to-min...
It mentions the app will use uPnP to expose itself automatically.
Remember that BitTorrent protocol is P2P, so it likely is accessible from the internet.
My suggestion is to wipe the image, update pull/run the newest version, and change the admin credentials after it starts up.
iogjoertsnbu|5 months ago
bakugo|5 months ago
Can you check the contents of your qBittorrent.conf?