URGENT HELP NEEDED - IP Blocked - Unable to remove app
-
Hetzner blocked the IP of my server
๐คจ
For what reason? And what exactly do you mean by blocked? Did you get a mail that says your account is blocked/locked? If your account is blocked/locked, you would have no access via VNC.
Eh
Your helper would be https://docs.cloudron.io/packaging/cli/ but if "ip is blocked" it won't do much.If you are connected via vnc + ssh, you can always just use plain docker to stop containers.
docker ps -aLook for your app, find the id
docker stop $IDNot the nice way, but works.
Maybe also shutdown thebox.servicewithsystemctl stop box.serviceso Cloudron will not intervene with anything. -
They finally relented and gave me access to the GUI, so I could stop and remove the app!
How can I purge it from all backups?
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
How can I purge it from all backups?
That you will have to do by hand.
-
Hetzner blocked the IP of my server
๐คจ
For what reason? And what exactly do you mean by blocked? Did you get a mail that says your account is blocked/locked? If your account is blocked/locked, you would have no access via VNC.
Eh
Your helper would be https://docs.cloudron.io/packaging/cli/ but if "ip is blocked" it won't do much.If you are connected via vnc + ssh, you can always just use plain docker to stop containers.
docker ps -aLook for your app, find the id
docker stop $IDNot the nice way, but works.
Maybe also shutdown thebox.servicewithsystemctl stop box.serviceso Cloudron will not intervene with anything.@BrutalBirdie said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
For what reason? And what exactly do you mean by blocked? Did you get a mail that says your account is blocked/locked? If you, you would have no access via VNC.
Some asshat used my Jirafeau app instance to host very bad stuff!
Hetzner sent an email I didn't see until after the one hour deadline they give you to respond. Then blocked my server's IP address.
The worst thing was they didn't listen or want to understand that I use Cloudron and have no way to remove the offending share links without accessing the GUI to remove the app.
Just stopping the app from CLI would have been handy.
-
@BrutalBirdie said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
For what reason? And what exactly do you mean by blocked? Did you get a mail that says your account is blocked/locked? If you, you would have no access via VNC.
Some asshat used my Jirafeau app instance to host very bad stuff!
Hetzner sent an email I didn't see until after the one hour deadline they give you to respond. Then blocked my server's IP address.
The worst thing was they didn't listen or want to understand that I use Cloudron and have no way to remove the offending share links without accessing the GUI to remove the app.
Just stopping the app from CLI would have been handy.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
Some asshat used my Jirafeau app instance to host very bad stuff!
"Some asshat" in the meaning of, some random user from the World Wide Web?
If so, why did you host a public and anonymous file sharing service? This only invites bad actors, sadly
If you did so unknowingly, please see https://docs.cloudron.io/apps/jirafeau/#restricting-uploads
You can lock down the upload with a password or IP whitelist. (Does not protect from leakage of the password).
If you have people leaking your passwords, have a serious talk about legal consequences.@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
The worst thing was they didn't listen or want to understand that I use Cloudron and have no way to remove the offending share links without accessing the GUI to remove the app.
I mean. . . technically you don't . . . Cloudron is "just docker" with a lot on top.
I know, I know. Not the nice approach, but TECHNICALLY correct
Also, you expect the random Support person of provider XYZ, this case Hetzner, to know and understand what Cloudron is and that YOU random user xyz that got locked down for "bad stuff" is not just spewing anything to save one's hide.
They are also legally responsible for what happens on their systems, they need to act this way.
Harsh, but needed.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
but couldn't find the right ID
You can run:
docker inspect $ID --format='{{json .Config.Env }}'and then read the
CLOUDRON_APP_DOMAINor all the other vars from the app to find yours.or even do something like:
note: this needs yq installed thofor ID in $(docker ps -aq); do printf "$ID has "; docker inspect $ID --format='{{json .Config.Env }}' | yq '.[] | select(test("CLOUDRON_APP_DOMAIN"))'; doneThis will scan all container ids and print each
CLOUDRON_APP_DOMAIN.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
Another thought, how can I be more proactive and monitor / stop customers or the great unwashed masses from uploading horrible crap?
Can ClamAV scan for abusive content?
If people want to do illegal stuff, they will do illegal stuff.
"Life Finds a Way" - meaning, stuff can be obscured and encrypted no scanner can save you from that.
Choose your users wisely and lockdown your services.
You can only report that user to the authorities and deny him ever using any of your services ever again. (If you know the user, back to my first paragraph)@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
The Hetzner system is horrible. They now send an automated reply to let me know they got my message to every reply I send them lol
Not now.
That is totally normal. They always send the "we got your message" response to let you know, YES your message indeed DID arrive.
Nothing bad about it and common practice for ticket systems.
"is horrible" is just your interpretation I guess because you felt ignored by automated responses I guess? -
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
Some asshat used my Jirafeau app instance to host very bad stuff!
"Some asshat" in the meaning of, some random user from the World Wide Web?
If so, why did you host a public and anonymous file sharing service? This only invites bad actors, sadly
If you did so unknowingly, please see https://docs.cloudron.io/apps/jirafeau/#restricting-uploads
You can lock down the upload with a password or IP whitelist. (Does not protect from leakage of the password).
If you have people leaking your passwords, have a serious talk about legal consequences.@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
The worst thing was they didn't listen or want to understand that I use Cloudron and have no way to remove the offending share links without accessing the GUI to remove the app.
I mean. . . technically you don't . . . Cloudron is "just docker" with a lot on top.
I know, I know. Not the nice approach, but TECHNICALLY correctAlso, you expect the random Support person of provider XYZ, this case Hetzner, to know and understand what Cloudron is and that YOU random user xyz that got locked down for "bad stuff" is not just spewing anything to save one's hide.
They are also legally responsible for what happens on their systems, they need to act this way.
Harsh, but needed.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
but couldn't find the right ID
You can run:
docker inspect $ID --format='{{json .Config.Env }}'and then read the
CLOUDRON_APP_DOMAINor all the other vars from the app to find yours.or even do something like:
note: this needs yq installed thofor ID in $(docker ps -aq); do printf "$ID has "; docker inspect $ID --format='{{json .Config.Env }}' | yq '.[] | select(test("CLOUDRON_APP_DOMAIN"))'; doneThis will scan all container ids and print each
CLOUDRON_APP_DOMAIN.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
Another thought, how can I be more proactive and monitor / stop customers or the great unwashed masses from uploading horrible crap?
Can ClamAV scan for abusive content?
If people want to do illegal stuff, they will do illegal stuff.
"Life Finds a Way" - meaning, stuff can be obscured and encrypted no scanner can save you from that.
Choose your users wisely and lockdown your services.
You can only report that user to the authorities and deny him ever using any of your services ever again. (If you know the user, back to my first paragraph)@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
The Hetzner system is horrible. They now send an automated reply to let me know they got my message to every reply I send them lol
Not now.
That is totally normal. They always send the "we got your message" response to let you know, YES your message indeed DID arrive.
Nothing bad about it and common practice for ticket systems.
"is horrible" is just your interpretation I guess because you felt ignored by automated responses I guess?@BrutalBirdie thank you for your detailed response.
Yes, I should have done better and was ignorant about my little file sharing app not being abused. It was convenient for getting customers to share large files and I didn't think somebody outside a very small group would find it.
That was very small minded and ignorant of me! Perhaps, this can serve as a good example of what NOT to do
I am taking your advice and agree that 'life will find a way'. I will make it harder for it to do that
Hetzner's barrage of automated messages and their support team not listening to what I was saying really drove me up the wall tonight. I agree with you that they cannot be expected to know what Cloudron is (it's great - especially its community), so I tried to explain to them what I needed.
It was simply a temporary lifting of the block for my static IP at the office, so I can access the GUI. They finally relented and lifted the block but sadly for all. I was quick, so hopefully it minimised the risk of further files being shared!
I know they do the right thing, and I would I have done the same in general. The nuance is the method of communication and lack of 'listening', while repeatedly asking for the same info. It felt like talking to a wall.
I would improve their process by adding SMS notification or even a call to the number they have on file for me (and customers in general). That and limiting to 'we confirm we have your email' to once per thread, not every single message.
For Cloudron, I hope we can add a note to the docu to help anyone who is finding themselves in a similar predicament and don't have you or a member of the community around to remind them of how to find app ID's
I stopped using Docker and Portainer to enjoy SysAdmin life in blissful ignorance by using a GUI.
Thank you, @BrutalBirdie. Have a good evening.
๐ Find our more www.bebraver.online
-
@BrutalBirdie thank you for your detailed response.
Yes, I should have done better and was ignorant about my little file sharing app not being abused. It was convenient for getting customers to share large files and I didn't think somebody outside a very small group would find it.
That was very small minded and ignorant of me! Perhaps, this can serve as a good example of what NOT to do
I am taking your advice and agree that 'life will find a way'. I will make it harder for it to do that
Hetzner's barrage of automated messages and their support team not listening to what I was saying really drove me up the wall tonight. I agree with you that they cannot be expected to know what Cloudron is (it's great - especially its community), so I tried to explain to them what I needed.
It was simply a temporary lifting of the block for my static IP at the office, so I can access the GUI. They finally relented and lifted the block but sadly for all. I was quick, so hopefully it minimised the risk of further files being shared!
I know they do the right thing, and I would I have done the same in general. The nuance is the method of communication and lack of 'listening', while repeatedly asking for the same info. It felt like talking to a wall.
I would improve their process by adding SMS notification or even a call to the number they have on file for me (and customers in general). That and limiting to 'we confirm we have your email' to once per thread, not every single message.
For Cloudron, I hope we can add a note to the docu to help anyone who is finding themselves in a similar predicament and don't have you or a member of the community around to remind them of how to find app ID's
I stopped using Docker and Portainer to enjoy SysAdmin life in blissful ignorance by using a GUI.
Thank you, @BrutalBirdie. Have a good evening.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
It was convenient for getting customers to share large files and I didn't think somebody outside a very small group would find it.
Use something like Nextcloud and setup a public folder where customers can send data into (also no upload limit) but it can be moderated by you.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
That was very small minded and ignorant of me! Perhaps, this can serve as a good example of what NOT to do
Nah! It is just something that slips past anyone at some point.
Since Cloudron does make it so easy to just host something, these things can and will happen.
I also had such reports once because I forgot to set up https://docs.cloudron.io/apps/kutt/#registration and anyone could create shortened URLs with MY DOMAIN and serve heinous shit.
Did also get flagged for that@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
I am taking your advice and agree that 'life will find a way'. I will make it harder for it to do that
That is the best we all can do
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
It was simply a temporary lifting of the block for my static IP at the office, so I can access the GUI
They are reasonable
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
It felt like talking to a wall.
What is your timezone? Maybe you did hit the skeleton shift
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
I would improve their process by adding SMS notification or even a call to the number they have on file for me (and customers in general).
They have extra contact channels. But only for BIG customers.
@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
For Cloudron, I hope we can add a note to the docu to help anyone who is finding themselves in a similar predicament and don't have you or a member of the community around to remind them of how to find app ID's
Indeed! This should be added to the first time setup message screen.
Will create a PR for that@3246 said in URGENT HELP NEEDED - IP Blocked - Unable to remove app:
I stopped using Docker and Portainer to enjoy SysAdmin life in blissful ignorance by using a GUI.
I feel you
it can be so cozy.Have a great evening as well.
-
note: I installed Jirafeau yesterday to see the first time setup message.
Did not uninstall it afterward and did not config.
Today I look at my Cloudron and see the app
so I check the file system of the app and yes, some bot already uploaded some test file.
With stuff like https://www.shodan.io/ the internet is scanned 24/7.
NetWatch is everywhere. People will find public services and use and abuse them. -
note: I installed Jirafeau yesterday to see the first time setup message.
Did not uninstall it afterward and did not config.
Today I look at my Cloudron and see the app so I check the file system of the app and yes, some bot already uploaded some test file.
With stuff like https://www.shodan.io/ the internet is scanned 24/7.
NetWatch is everywhere. People will find public services and use and abuse them.@BrutalBirdie that's a good test and thank you for sharing your findings! It should serve as a warning to anyone who just clicks 'install' o.O
-
J joseph marked this topic as a question
-
@3246 rough... But we learnt something at your expense. I have added a warning to the jirafeu checklist - https://git.cloudron.io/packages/jirafeau-app/-/merge_requests/10
-
J joseph has marked this topic as solved
