Quick Reference
Exposed Sonarr/Radarr/API
We are usually notified of these in dumps of info via third parties. You should always investigate ASAP.
When browsing ANY URLs/IPs/exposed instances, ensure that you are using a VPN and that your VPN is running.
1. Text search the IPs to see if I can find the account.
   * If I can't find the account via IP, I will do an API search to see which account turns up. Then I'll usually look at the IPs to see why it didn't show up in the text search (maybe a seedbox, etc.).
   * I will also look at all the whitelisted IPs in the API section to see whether they may be sharing their API key, which may explain why I couldn't find it via text search.
2. Load up the Sonarr behind the VPN.
3. Test the indexer on Sonarr to see if the API key is working.
4. Ideally, the account that I found in #1 matches the API key found in the Sonarr.
5. Reset the API key first.
6. Then reset the passkey/authkey, issue a warning, and disable.
7. Retest the API key in Sonarr to make sure the key died.