Enormous Security Hazard
-
I made this account specifically so I can describe a gaping Cloudron security hole without further endangering any refugees. Anyone assisting those fleeing a war zone is liable to receive attention from the intelligence services of their state of origin.
I installed Cloudron on a system and configured it to work behind Cloudflare. Cloudron gets Cloudflare API access and manages DNS. The firewall on the machine is set to only permit http/https from Cloudflare's known IP prefixes.
There are certain applications, WHM being the one I noticed, where Cloudron will configure Cloudflare for DNS only. There is no warning that you're about to expose the public IP of your system, it just does it. This is catastrophic exposure, even if the system does not respond.
Once the public IP is known the system is exposed to denial of service and intrusion attempts. An attacker can easily find all IP prefixes in use at the hosting facility and provide similar attention to every other system there. Even if the Cloudron host is secure, the attacker will find systems that are not secure, and use this to encourage the hosting firm to cancel the service of the intended victim.
If this is something that can be handle with a configuration within the system, it should be made MUCH more obvious. An alert should happen for any change that will expose the IP address of a system configured for Cloudflare. If there is no way to enforce a Cloudflare only policy, that reveals an astonishing poverty of imagination on the part of the developers.
I'm going to go look at some things, but I suspect that later today I'm going to have to inform the board that we had a dangerous leak, and that this forces us to change hosting providers.
-
-
Hi there, I am not exactly sure which app you mean by WHM. Also note that any service which is not on 443 will not be proxied through Cloudflare anyways, but in your case probably should simply not be reachable to not expose the IP.
-
I made this account specifically so I can describe a gaping Cloudron security hole without further endangering any refugees. Anyone assisting those fleeing a war zone is liable to receive attention from the intelligence services of their state of origin.
I installed Cloudron on a system and configured it to work behind Cloudflare. Cloudron gets Cloudflare API access and manages DNS. The firewall on the machine is set to only permit http/https from Cloudflare's known IP prefixes.
There are certain applications, WHM being the one I noticed, where Cloudron will configure Cloudflare for DNS only. There is no warning that you're about to expose the public IP of your system, it just does it. This is catastrophic exposure, even if the system does not respond.
Once the public IP is known the system is exposed to denial of service and intrusion attempts. An attacker can easily find all IP prefixes in use at the hosting facility and provide similar attention to every other system there. Even if the Cloudron host is secure, the attacker will find systems that are not secure, and use this to encourage the hosting firm to cancel the service of the intended victim.
If this is something that can be handle with a configuration within the system, it should be made MUCH more obvious. An alert should happen for any change that will expose the IP address of a system configured for Cloudflare. If there is no way to enforce a Cloudflare only policy, that reveals an astonishing poverty of imagination on the part of the developers.
I'm going to go look at some things, but I suspect that later today I'm going to have to inform the board that we had a dangerous leak, and that this forces us to change hosting providers.
@Refugee_Ranger While the default is to use Cloudflare for DNS only, as it's required to install and set it up, you can manually switch any Apps you like to proxied as long as they're on port 80/443.
-
Hi there, I am not exactly sure which app you mean by WHM. Also note that any service which is not on 443 will not be proxied through Cloudflare anyways, but in your case probably should simply not be reachable to not expose the IP.
-
@robi said in Enormous Security Hazard:
Can't be Web Host Manager though, as there isn't Cloudron app for that is there?
-
@robi said in Enormous Security Hazard:
Can't be Web Host Manager though, as there isn't Cloudron app for that is there?
@jdaviescoates I read it as a contrast to WHM, which is an app, not as a CL App.
-
I made this account specifically so I can describe a gaping Cloudron security hole without further endangering any refugees. Anyone assisting those fleeing a war zone is liable to receive attention from the intelligence services of their state of origin.
I installed Cloudron on a system and configured it to work behind Cloudflare. Cloudron gets Cloudflare API access and manages DNS. The firewall on the machine is set to only permit http/https from Cloudflare's known IP prefixes.
There are certain applications, WHM being the one I noticed, where Cloudron will configure Cloudflare for DNS only. There is no warning that you're about to expose the public IP of your system, it just does it. This is catastrophic exposure, even if the system does not respond.
Once the public IP is known the system is exposed to denial of service and intrusion attempts. An attacker can easily find all IP prefixes in use at the hosting facility and provide similar attention to every other system there. Even if the Cloudron host is secure, the attacker will find systems that are not secure, and use this to encourage the hosting firm to cancel the service of the intended victim.
If this is something that can be handle with a configuration within the system, it should be made MUCH more obvious. An alert should happen for any change that will expose the IP address of a system configured for Cloudflare. If there is no way to enforce a Cloudflare only policy, that reveals an astonishing poverty of imagination on the part of the developers.
I'm going to go look at some things, but I suspect that later today I'm going to have to inform the board that we had a dangerous leak, and that this forces us to change hosting providers.
@Refugee_Ranger said in Enormous Security Hazard:
Cloudron will configure Cloudflare for DNS only
By default, Cloudron configures any new app for DNS only. You have to go to the Cloudflare dashboard to enable proxying. Once you enable it in Cloudflare, Cloudron will preserve the proxying flag.
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
