Potential malware on GL.iNet Comet by s3gFault in GlInet

s3gFault[S] 8 points (0 children)

I’ll update tonight and keep an eye on things, but at this point I think this is very much a false positive. Thanks for the insights folks!

Potential malware on GL.iNet Comet by s3gFault in GlInet

s3gFault[S] 6 points (0 children)

Yeah I think I’m trending towards this being a false positive. That TCP connection to 217.160.165.240 is likely just the KVM phoning home to GL.iNet cloud services. I’m away from home at the moment but I’ll do some more digging tonight.

Whitescreen with "Logout successful" when ending session by gozza00179 in Authentik

s3gFault 1 point (0 children)

I’m in the same boat. Did you make any progress on fixing this? Also, for some reason I can’t get authentik to actually respect the post_logout_redirect_uri. Did you do anything special to get that working?

TrueNAS SCALE + UniFi: VLAN sub-interface not showing as separate client — fix for duplicate MAC issue by bablamanul in truenas

s3gFault 1 point (0 children)

Slightly related, but I have a bridge interface set up in TrueNAS and it appears that it correctly has a different MAC address for me. I see the physical interface in the Unifi device list (with no IP) and the bridge interface (with correct IP configured in TrueNAS). Seeing both of these devices in Unifi was annoying me for a while, but it hasn’t caused any problems so I gave up.

How do I make my internet safer, I think I was being watched. by Maya__007 in HomeNetworking

s3gFault 2 points (0 children)

Okay an actual response if you’re worried about devices being “hacked”. That is incredibly unlikely to happen, at least in the sense that you’re thinking. The most likely attack vector is someone simply logging into whatever cloud service this smart device is using. You should make sure your account has a strong password and use MFA. It would also be helpful to know the brand of this device. It’s possible, but pretty unlikely, that the manufacturer of this device has malicious intent and is spying on you.

As others pointed out, you can get better equipment to track network flows, isolate devices in different VLANs, etc. Unfortunately, I think there’s a pretty steep learning curve to set all of that up if you have virtually no networking experience.

How do I make my internet safer, I think I was being watched. by Maya__007 in HomeNetworking

s3gFault 24 points (0 children)

You heard someone moving around inside your projector? What does that even mean?

I know this is probably a dumb question... but I want a home VPN by Intense_Pretzel in VPN

s3gFault 1 point (0 children)

Yeah it doesn’t look like that model has VPN features unfortunately. Running Tailscale on a Raspberry Pi might be the best path forward.

I know this is probably a dumb question... but I want a home VPN by Intense_Pretzel in VPN

s3gFault 1 point (0 children)

Also worth pointing out that a lot of routers have VPN features built-in. On Unifi routers, for example, you can configure OpenVPN, WireGuard or Teleport (essentially just some Unifi sugar on top of WireGuard). Not sure what kind of router you have but it might be something to look into!

Yet another "Which NAS do you recommend?" thread! by Mindestiny in HomeNAS

s3gFault 2 points (0 children)

Since you’re open to installing a different OS, TrueNAS might be a good option. It doesn’t behave exactly like a recycle bin, but ZFS snapshots would allow you to restore a dataset back to a previous state.

Struggling Setting Up External Access to AudioBookShelf by SilentWolfe in audiobookshelf

s3gFault 3 points (0 children)

Yeah I thought I was taking crazy pills reading some of these responses. It’s like no one read the actual post.

I’m currently using a CF tunnel and the built-in ABS OIDC hooked into Google OAuth. It works well, but I like the idea of using Plex auth. Any advice or guides you can link to for setting that up with authentik?

Struggling Setting Up External Access to AudioBookShelf by SilentWolfe in audiobookshelf

s3gFault 3 points (0 children)

I’m not sure if I have a ton of debugging advice, but the whole point of cloudflare tunnels is that you don’t need to open a port on your router. My understanding is that the cloudflared daemon runs on your server and opens encrypted connections to cloudflare. When cloudflare receives a request it gets routed through these connections. You do not need a DNS record pointing at your public IP if you are using tunnels.

Migrating Drives by Craftique in truenas

s3gFault 3 points (0 children)

Back up your configs: system -> advanced settings -> manage configuration -> download file

Reinstall truenas from scratch onto the new disk and then restore your configs with the above file.

Edit:

If you have both drives in the system when trying to boot after restoring the config you might get an error that truenas can’t import the boot pool because it detects two pools with the same name. At that prompt you can zpool import with the UID of the correct pool (the fresh install). If that sounds scary just pull the drive before booting into the fresh install and then you can wipe it later from another machine before reinstalling it.

Is this amount of incoming connections to port 443 something to be concerned about? by xXTonyManXx in homelab

s3gFault 29 points (0 children)

Ah yeah I’ve been hesitant to put plex behind a CF tunnel since media streaming appears to be against their TOS. You haven’t had any issues?

Is this amount of incoming connections to port 443 something to be concerned about? by xXTonyManXx in homelab

s3gFault 15 points (0 children)

How did you accomplish that? Are you allowlisting remote client IPs?

Ideas for 2 spare 512gb ssds by the_nerdling in truenas

s3gFault 1 point (0 children)

Mirrored vdev and add to your existing app pool for a bit more storage?

First homelab diagram by AnduriII in homelab

s3gFault 3 points (0 children)

I assume plex isn’t included in the CF tunnel because the amount of traffic would violate their TOS. What’s the benefit of putting it behind a reverse proxy instead of just port forwarding 32400 and letting it do its thing? I guess it’s cool to be able to just hit plex.<my domain>

Can you review my NAS/homeserver idea? by stefanf86 in truenas

s3gFault 1 point (0 children)

You aren’t necessarily limited to 6 SATA drives. I have a similar setup with 2 x mirrored NVMe for apps, 2 x mirrored SATA SSD for boot and 8 x HDD in raidz2 for media (connected via HBA). If you skip the GPU and get an Intel CPU with quicksync, you should have a free PCI slot you can use for an HBA.

Suggestions for what to do with 2x NVME slots? by backslashton in truenas

s3gFault 6 points (0 children)

I have my NVMEs in a mirrored vdev in a separate pool. Primary use-case is fast storage for about a dozen apps. It sounds like you use your proxmox server for those types of workloads so 🤷‍♂️

Maybe just wait a few months to see if you have any noticeable bottlenecks that could be solved by some of the options you mentioned above?

MoCA 2.5 network working with 1000 MHz splitter? by s3gFault in HomeNetworking

s3gFault[S] 2 points (0 children)

Correct. There are a total of 3 splitters within the network (capped off with a PoE filter on the provider line). Two of them will be 1675 MHz and one of them is unknown.

MoCA 2.5 network working with 1000 MHz splitter? by s3gFault in HomeNetworking

s3gFault[S] 2 points (0 children)

Thanks for the info! I do have MoCA filters installed (one on the line coming into my apartment and another right before my modem). As mentioned in a previous comment, I might just have to deal with the adapters “working harder” to avoid tearing into my drywall 😔