Cloudron Forum

Thank you for the clarification, @girish . I have already reached out to security@cloudron.io and I’m currently awaiting a reply. I appreciate your assistance and look forward to hearing back soon. Best regards,

A temporary workaround: docker stop turn . Some platform updates might turn back the turn service on though (when updating the turn docker image).

This doesn't affect Cloudron as such but the upcoming mail addon update contains the fix.

@jagan from a quick reading, this doesn't apply to Cloudron, since we don't use fpm for WordPress (we use modphp)

@dsp76 that line is outdated, I will fix it. Cloudron apps do see the remote IP. In the past, they were hidden. But we got enough complaints that event logs inside apps were not useful anymore with internal private IPs. So, we have fixed up apps to have access to the Client/remote IP.

You can also check apt list --upgradable | grep security if those are actually security updates.

There are some hard coded rate limits - https://docs.cloudron.io/security/#rate-limits

OK, I'll try. Thanks for your suggestions.

@girish Yeah, I'm thinking the same thing. ubuntu is a sudo user, and if the default password Vultr was using was exploited, then I'd have to be looking or processes run by anything. I'll migrate. Thanks again.

FWIW, I just upgraded from Ubuntu 18 this evening. Cloudron's documentation from going from 18 to 20 was quite helpful, re: a collectd edit that I never would have thought to make, plus the specific MySQL Server migration rules. Everything went smoothly, but without the documentation, it wouldn't have. So kudos to the team.

I am still confused why they demand an answer from you, if your website is getting abused...

@girish yep will give it a try. What about the networking graphs, or even the stacked ones? Is that a realistic feature to ask for?

@girish said in Abuse report received: I found very similar reports in other server forums interesting, thank you also not sure what to make of it !

aw, thanks. i will attempt to use wordpress managed, as long as the export thing will work.

also, if any of you have tested this, let me know. I wonna know how you tested and how it was. i've also PM'd @3246 to see if he could test it while I'm still trying to find a server. and I think I might have to open port636 but maybe not, because duo connects to your actual server, not tryed to authenticate there, it wants a connection to your actual real life server. i'm curious to see how this will actually work, or if cloudron has a docker container i'd put it in.