SAB is acting weird- it keeps downloading "sabnzbdwinbeast2" folders containing:
config.json
cron.bat
cronget.bat
sabsznbd.exe
search_indexer.exe
winring0x64.sys
Anybody know what the heck is going on?
"nzbdwinbeast2" keeps downloading
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: "nzbdwinbeast2" keeps downloading
Stuff I like: Apache bash cron DD-WRT Debian DNSMasq Entware FireFox GitHub ImageMagick Kate KDE LibreELEC Netrunner NFS NVIDIA OpenVPN Orvibo-S20 pfSense Python Raspberry-Pi RAID SABnzbd Transmission Usenet VirtualBox Watcher3 XFCE
Re: "nzbdwinbeast2" keeps downloading
Jeez I had no idea SAB was so dangerous!
Re: "nzbdwinbeast2" keeps downloading
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: "nzbdwinbeast2" keeps downloading
I have username/password and no access, and my system still downloaded it.safihre wrote: ↑April 15th, 2021, 11:47 am Sab is not. Your settings are.
See:
https://www.reddit.com/r/usenet/comment ... protected/
Re: "nzbdwinbeast2" keeps downloading
All it takes for a script kiddie to download an nzb and modify script settings to run downloaded code, is a windows operating system plus remote access to the web interface (no user/pass or credentials known/guessed) or the api (api key known or disabled).
Note that if the web interface was at any time exposed to the internet without authentication, the apikey could simply have been read by an attacker at that time and still be used to access sab now - even if you have put a user/pass in place. An apikey could also be harvested from a hacked or malicious indexer if it was shared there for integration purposes.
Re: "nzbdwinbeast2" keeps downloading
So should I change the password? reset the API?jcfp wrote: ↑April 18th, 2021, 11:41 amAll it takes for a script kiddie to download an nzb and modify script settings to run downloaded code, is a windows operating system plus remote access to the web interface (no user/pass or credentials known/guessed) or the api (api key known or disabled).
Note that if the web interface was at any time exposed to the internet without authentication, the apikey could simply have been read by an attacker at that time and still be used to access sab now - even if you have put a user/pass in place. An apikey could also be harvested from a hacked or malicious indexer if it was shared there for integration purposes.
Re: "nzbdwinbeast2" keeps downloading
Also I did some testing, and both Bitdefender and Malwarebytes detected and killed this thing.
Re: "nzbdwinbeast2" keeps downloading
Did you maybe use nzbgeek? They were hacked a few months ago.
If you like our support, check our special newsserver deal or donate at: https://sabnzbd.org/donate
Re: "nzbdwinbeast2" keeps downloading
I am a member. I checked and there appears to be no where to enter a sabnzbd api key. Plus I have 2FA on that site, if that matters. Maybe there was before the hack IDK. But I can change the sab api key and I changed my sab login password