[Help] Docker engine on up-to-date TOS 6 is vunerable for crypto-miners
Posted: 22 Feb 2026, 21:56
Hello.
Since i got my nas i enjoyed using it for the first few weeks, but noticed our drives were loud and overall system performance was meh.
After a bit of looking around i noticed i sadly felt victim of crypto-miners, they came through onto the host system and thus i reinstalled the whole machine.
Now less then 24h later, i checked dockhand, a nice tool to see your containers but i noticed this again:

It's the same exact issue as last time, but this time b/c i'm strictly running processes as a rootless user who can't do sudo, it didn't get so far to infect the crontab of the system and compromise it fully again.
I also only ran 2 containers, one of which is:
https://github.com/linuxserver/docker-q ... 4-r2-ls442
Which is up-to-date even with the version that came out yesterday.
So i delved in deeper, alot of users are using qbitorrent/that image and i don't hear anyone about any exploits, am i'm the only one?
I then checked docker and discovered this, and again i updated my ToS fully:

Seems ok? Well no because that docker engine version has ended it's support 9 MONTHS AGO!!
https://endoflife.date/docker-engine
And i wanted to update it like i'm used to with apt, but that's not the proper way to update the system/docker?
Since i got my nas i enjoyed using it for the first few weeks, but noticed our drives were loud and overall system performance was meh.
After a bit of looking around i noticed i sadly felt victim of crypto-miners, they came through onto the host system and thus i reinstalled the whole machine.
Now less then 24h later, i checked dockhand, a nice tool to see your containers but i noticed this again:

It's the same exact issue as last time, but this time b/c i'm strictly running processes as a rootless user who can't do sudo, it didn't get so far to infect the crontab of the system and compromise it fully again.
I also only ran 2 containers, one of which is:
https://github.com/linuxserver/docker-q ... 4-r2-ls442
Which is up-to-date even with the version that came out yesterday.
So i delved in deeper, alot of users are using qbitorrent/that image and i don't hear anyone about any exploits, am i'm the only one?
I then checked docker and discovered this, and again i updated my ToS fully:

Seems ok? Well no because that docker engine version has ended it's support 9 MONTHS AGO!!
https://endoflife.date/docker-engine
And i wanted to update it like i'm used to with apt, but that's not the proper way to update the system/docker?