Unprotected qBittorrent was abused to run a cryptominer
A public service used by a small friend group ran normally for about a year, then the server became slow. A program named `tcrond` was found running and using the server for . can run commands, and that feature can become dangerous when the app is exposed without protection.
The damage was limited because was running inside Docker. Any app reachable from the internet needs access protection unless it is certain that the app cannot do anything harmful.
Key points
- An exposed service can be abused if it is not protected.
- Sudden server slowness can be a sign of unwanted .
- A program named `tcrond` was found using the server for .
- ’s command-running feature can become a security risk when exposed.
- Docker limited the damage, but access protection is still needed.