[SOLVED] hacking fears

diversity

Please do not get me wrong, I might just as well be entirely paranoid.

About a year and a half ago I had a hacking attempt by some of Russia's finest.

I was just in time to ward it off, I think, I hope, but I am just not experienced enough to know for sure.

Now do not get me wrong. I love Russians, more particularly their women. I just do not align with their politics.

The thing is that even though I shut down the affected system and deleted it, I was not fast enough to also shut down all others.

So I am now a bit worried.

Every 4 seconds, for half a second, all my drives on my main PVE system are doing something. I call it: they growl.

Gree. Gree gree. Every 4 seconds for half a second.

I have many PVEs but this is the only one displaying this behavior.

Should I go full paranoia mode and start all over or are there more sane methods of seeing what is going on here?
 
Is that the only PVE node that is using ZFS? By default ZFS will cache all async writes in RAM and flush them to the disks every 5 seconds, causing a short burst of disk activity every 5 seconds when there is not much to write.
 
Thank you for your contribution. But all my systems are ZFS. I left all other file systems many, many years ago.

I will admit that I just lack the expertise to fully know what it is I am doing.

For example, I never knowingly configure a cache drive while installing PVE.
 
But even though the disks are of good grade, would this not mean just more wear and tear?
 
If you care about wear you shouldn't use ZFS with its massive overhead. You could manually increase the time between flushes (zfs_txg_timeout option) but that will also mean you will lose more data on a power outage, hardware failure or kernel crash, as everything cached in RAM will be lost. Now you lose just up to 5 seconds of data.
 
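One way to check whether the periodic disk activity discussed in this thread lines up with ZFS transaction-group flushes, as an added example that is not from any of the posts above. It assumes the pool's txg history kstat (`/proc/spl/kstat/zfs/<pool>/txgs`, recorded when `zfs_txg_history` is non-zero) with a `birth` column in nanoseconds; the sample rows are constructed.

```python
import sys

# Constructed sample in the layout of /proc/spl/kstat/zfs/<pool>/txgs.
# birth and the *time columns are nanoseconds; all values are made up.
SAMPLE_TXGS = """\
25 0 0x01 5 560 1000000000 60000000000
txg   birth        state ndirty nread nwritten reads writes otime      qtime wtime stime
1001  10000000000  C     65536  0     196608   0     24     5001000000 4000  30000 210000000
1002  15001000000  C     32768  0     131072   0     18     5002000000 3800  29000 190000000
1003  20003000000  C     65536  0     196608   0     24     4999000000 4100  31000 205000000
1004  25002000000  C     49152  0     163840   0     21     5002000000 3900  30000 200000000
1005  30004000000  O     0      0     0        0     0      0          0     0     0
"""


def txg_intervals(text):
    """Seconds between consecutive txg births, parsed by column name."""
    header, births = None, []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "txg":
            header = fields
        elif header and len(fields) == len(header):
            births.append(int(dict(zip(header, fields))["birth"]))
        # anything else is the kstat preamble or a truncated row
    births.sort()
    return [(b - a) / 1e9 for a, b in zip(births, births[1:])]


def matches_txg_timeout(text, timeout_s=5, tolerance_s=0.5):
    """True if the median txg spacing is within tolerance of the timeout."""
    gaps = sorted(txg_intervals(text))
    if len(gaps) < 3:
        raise ValueError("need at least 4 txg rows to judge periodicity")
    mid = len(gaps) // 2
    median = gaps[mid] if len(gaps) % 2 else (gaps[mid - 1] + gaps[mid]) / 2
    return abs(median - timeout_s) <= tolerance_s


if __name__ == "__main__":
    # Pass the real kstat path as argv[1]; without it the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TXGS
    # On the node itself the timeout can be read from
    # /sys/module/zfs/parameters/zfs_txg_timeout (default 5).
    print("gaps (s):", [round(g, 3) for g in txg_intervals(text)])
    print("matches 5 s txg timer:", matches_txg_timeout(text))
```

A median gap well below the timeout together with large `ndirty` values points to sustained write load rather than the idle flush timer.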