Hacked? You should lock your sonarr

Sonarr version (exact version):
Mono version (if Sonarr is not running on Windows):
OS:
Debug logs:
(Make sure debug logging is enabled in settings and post the full log to hastebin/pastebin/dropbox/google drive or something similar, do not post them directly here. Post in .txt not .doc, .rtf or some other formatted document)
Description of issue: So tonight I noticed a ton of seasons that were not being monitored suddenly began to show episodes from those seasons. I checked SAB and over 90 episodes that were not being monitored were downloading. When I checked the folders of those seasons, the folder and episode names had been modified with the tag “YOU SHOULD LOCK YOUR SONARR”. Of course, I immediately removed my port 8081 policy from my firewall and added a username/password to my security settings on Sonarr. So how can this be done? As simple as knowing my public IP and port and just connecting? Will the username/pass be able to prevent this, or will I need to disable this port indefinitely, or change the port? Has anyone else experienced this?

Yup.

It’s fairly easy to scan for ports and see which service is running on it by fingerprinting the response(s), etc.
Never ever run anything that can be connected from the outside without security (user/pass, public key, 2-factor authentication, whichever is possible).

You’re lucky a friendly person warned you.

I’d say setting the user/pass + https is a kind of minimum nowadays. Only user/pass without https means you’re transmitting them in clear text over the internet.

If you have set a firewall rule up (on your router) to point external traffic on the Sonarr port to your media centre, then you can expect it to be open to the internet. If not, then someone would have had to be on your LAN to be able to get to the private IP of your media centre.
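
A defender-side check of the settings this thread discusses (login enabled, HTTPS enabled), added here as an example; it is not code from Sonarr or from any poster. It assumes Sonarr's `config.xml` carries `AuthenticationMethod`, `EnableSsl`, `BindAddress` and `Port` elements, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a Sonarr config.xml. Element names are an
# assumption about Sonarr's config layout; the values are made up.
SAMPLE_CONFIG = """<Config>
  <Port>8081</Port>
  <BindAddress>*</BindAddress>
  <EnableSsl>False</EnableSsl>
  <AuthenticationMethod>None</AuthenticationMethod>
</Config>"""

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def audit_config(xml_text):
    """Return findings for the weak settings described in the thread."""
    root = ET.fromstring(xml_text)

    def get(tag, default):
        # Missing or empty elements fall back to the least safe value.
        return (root.findtext(tag) or default).strip()

    auth = get("AuthenticationMethod", "None").lower()
    ssl_on = get("EnableSsl", "False").lower() == "true"
    bind = get("BindAddress", "*")
    port = get("Port", "?")

    findings = []
    if auth == "none":
        findings.append("no-auth: anyone who can reach the port controls Sonarr")
        if bind not in LOOPBACK:
            findings.append(f"exposed-bind: listening on {bind} port {port} with no login")
    elif not ssl_on:
        # TLS may instead be terminated by a reverse proxy in front of
        # Sonarr; this check only sees Sonarr's own setting.
        findings.append("auth-without-https: credentials cross the network in clear text")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Whether the port is reachable from the internet still depends on the router or firewall rule, which this file does not show.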
