HTTP_404_NotFound

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

I was eyeballing a MD3600 yesterday, for only 150$.

Went back and forth on the idea of running it for an iSCSI SAN... but remembered why I prefer ZFS and Ceph over HW RAID.

 
[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

If you want 10G performance, you need to get a 10G NIC. They are only 30-40$ on eBay.

While you CAN bond a pair of 2.5GbE ports, and POTENTIALLY get 5G of throughput, it will not be on a single session, i.e. you can't download a file at 5Gbps.

10G hardware is cheap.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

I use technitium as the primary server, with a pair of backup servers running bind9.

The backup servers do zone-transfers from the primary.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

I don't think homelabs were ever the intended audience. There are MUCH more price effective, reliable, and performant options over their cases + expanders.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

Ebay.

Also, i3 doesn't really use less power. The -T models will use a lot less power. But, you aren't really going to notice a difference with the i3 models.

https://www.cpubenchmark.net/compare/2639vs2627vs2599/Intel-i3-6100T-vs-Intel-i5-6500T-vs-Intel-i5-6500

TDP is the same between them too.

For reference, I have 3 micros. i5-9500T, i7-6700, and i5-8500t. They all use pretty much the same 8-12watts of idle power.

Also, I generally avoid the pre-6th gen computers. DDR3, slower, less efficient. The i5-6500 is the oldest processor in my lab.

And- right now, 50$ is the going-price for M900s / Optiplexes/etc, with an i5-6500t.

Although, you can get the i3 models for 30$ or so.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago (3 children)

Go pick up an Optiplex micro on eBay. 6th gen Intel, or newer.

This will cost you around 50-150$ depending on which one you get.

Slap a couple NVMes into it, and a 2.5" SSD.

Run your docker containers here, including paperless-ngx.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

3kw inverter/charger 1k

Can pick up a 6kw inverter/charger for around 800$. (Prob cheaper if you went with 48v too....)

Been there, and done this project.

https://xtremeownage.com/2021/06/12/portable-2-4kwh-power-supply-ups/

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

Honestly, they are all extremely overpriced, IMO.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

You might check out unraid too....

I went from TrueNAS Core -> Unraid -> TrueNAS Scale -> And Landed back on Unraid.

My reasons were documented here: https://xtremeownage.com/2021/11/10/unraid-vs-truenas-scale-2021/

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

Even if you do want to do casaOS, or linux- I'd still recommend putting proxmox as the base os.

[–] HTTP_404_NotFound@alien.top 2 points 11 months ago

No... I have proper, tested backups.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

I did put the disclaimer front and center! Ceph really needs a ton of hardware before it starts even comparing to normal storage solutions.

But, the damn reliability is outstanding.

 

The correct answer: assess the issue, determine the scope of impact, and remediate the initial problem.

Since I have software which scans file diffs, I can see the vulnerabilities were injected in late Oct/early Nov.

So, I restored a backup from a few weeks prior to that date.

After restoring from the backup, I immediately updated all of the plugins/software, and removed the package which introduced the vulnerability.

Now, at this time, you might be concerned with the security of your homelab.

I am not.

Because I treat my external-facing services as honeypots which I expected to get PWNED. As such, if the attacker managed to obtain shell access to the target Kubernetes container, the impact was limited, because the pod itself has ZERO network access to anything except the internet. It can't even talk to my internal DNS server. Nothing.

As well, any authentication attempts on my local network would have been detected by my log monitoring platform, which would have delivered me an email, letting me know of authentication attempts on my internal servers.

Since this is a Docker/Kubernetes container, I rest easy knowing there are no persistent file system modifications to the container, as it is not persistent. Since I restored to a backup before file changes were detected, this is more peace of mind.

So, what did I find?

A lot of PHP files containing very suspicious exec commands, which should not be present. I find lots of lovely obfuscated code checks, which also suspiciously had lovely eval commands.

Why did I make a post on this?

Because a few times a week, I see a post along the lines of...

"HELP MY LAB GOT PWNED AND MY STUFF IS NOW ENCRYPTED. WHAT SHOULD I DO?!?!?!"

I am making this post because if you follow the recommended practices of having proper backups (the 3-2-1 rule), you can recover from these issues without breaking a sweat.

Backups, combined with log/authentication monitoring, give you peace of mind. Properly securing everything, and restricting network access when possible, keeps things from spreading around your network.

Without the proper ACLs/rules in place, the attacker could have gained access to my network, in which case containing the damage would be extremely difficult. This is why having a proper DMZ is still crucial for any publicly exposed services.

Log monitoring software was able to alert me to the presence of an issue. Without this, there would still be who-knows-what trying to run in my old WordPress site, and I would be none the wiser. Although, granted, it took a few weeks for an alarm to trip, which I have already remediated for the future.

Also, WordPress is a vulnerability magnet. Third time in the last 8 years.
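
Added example, not part of the original post and not the poster's tooling: a minimal file-diff check of the kind the post relies on, which hashes a web root against a known-good baseline and flags added or changed PHP files that contain `exec`/`eval`-style calls. The function names, the pattern list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Calls the post reports finding in the modified PHP files (exec, eval), plus
# decoders often paired with eval in obfuscated code (assumed list, tune it).
SUSPICIOUS = re.compile(
    rb"\b(eval|exec|shell_exec|system|passthru|base64_decode|gzinflate)\s*\(", re.I)

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_and_scan(root, baseline):
    """Compare the tree to the baseline; scan only added/changed PHP files."""
    current = snapshot(root)
    report = {"added": [], "changed": [], "removed": [], "suspicious": {}}
    for rel, digest in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["changed"].append(rel)
        else:
            continue  # unchanged since the baseline, nothing to review
        if rel.endswith(".php"):
            data = (Path(root) / rel).read_bytes()
            hits = sorted({m.group(1).decode().lower()
                           for m in SUSPICIOUS.finditer(data)})
            if hits:
                report["suspicious"][rel] = hits
    report["removed"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample site: take a baseline, then simulate later changes."""
    with tempfile.TemporaryDirectory() as d:
        site = Path(d)
        (site / "index.php").write_text("<?php echo 'hello'; ?>")
        (site / "style.css").write_text("body { margin: 0 }")
        baseline = snapshot(site)
        # Constructed modifications standing in for unexpected file changes.
        (site / "index.php").write_text("<?php eval(base64_decode($x)); ?>")
        (site / "cache.php").write_text("<?php exec($cmd); ?>")
        (site / "style.css").unlink()
        return diff_and_scan(site, baseline)

if __name__ == "__main__":
    print(demo())
```

Storing the baseline outside the monitored container and running the comparison on a schedule shortens the gap between a file change and the alert.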

 