Just had an Abuse Report against my Cloudron - What to do?
-
@timconsidine Thanks. The only app I had actively running but I haven't used or paid attention to for a while was LibreTranslate. I've deleted that app for now and just running Mastodon. Will see if that placates the Linode security team.
-
Out of interest, did you already have ClamAV installed or you installed it in response to this incident ?
Does it need to run while in rescue mode, or can it be run while VPS is running normally ? -
@shanelord01 Is there any other info on what kind of Brute Force is attempted?
Also, have you been with this IP and domain for a long enough time? I have seen these reports come very late after 6 months even. What is send_date and received_data in this context? The date of the report or the abuse?
-
@timconsidine They recommend using it in rescue mode. I had to install it (Linode provide an all-in-one script to update it and run the scan).
Minor issue with the GPG keys stopping apt from running that I had to fix (thanks ChatGPT for the assist).
Steps to fix
Here are the steps to fix the GPG error on Finnix Linux:-
Open a terminal or SSH into your Finnix Linux system.
-
Run the following command to retrieve the missing public keys:
gpg --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9 gpg --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131
-
Once the keys are imported, run the following command to export the keys to a file:
gpg --export 0E98404D386FA1D9 > pubkey1.asc gpg --export 6ED0E7B82643E131 > pubkey2.asc
-
Once the keys are imported, create a new file in the trusted.gpg.d directory using the touch command. For example:
touch /etc/apt/trusted.gpg.d/debian-keys.gpg
-
Now, move the exported key files to the
trusted.gpg.d
directory:sudo mv pubkey1.asc /etc/apt/trusted.gpg.d/debian-keys.gpg sudo mv pubkey2.asc /etc/apt/trusted.gpg.d/debian-keys.gpg
-
Update your package lists by running:
apt-get update
After following these modified steps, the missing GPG keys should be added to the
trusted.gpg.d
directory, and you should be able to update and install packages without encountering the GPG error. -
-
@shanelord01 BTW, in case you run AdGuard, please be aware of this security issue - https://docs.cloudron.io/apps/adguard-home/#securing-installation
-
-