  • 0 Votes
    7 Posts
    204 Views
    girishG

    On second thoughts, I will mark this issue as 'resolved' here. If you can send us a detailed report to security@cloudron.io, would be much appreciated.

    edit: i actually see that you already reported this there. Thanks, let's follow up there.

  • SMTP Server of Cloudron - rate limit

    Solved Support
    3
    1 Votes
    3 Posts
    70 Views
    girishG

    There are some hard coded rate limits - https://docs.cloudron.io/security/#rate-limits

  • Security Ubuntu

    Solved Support
    9
    1 Votes
    9 Posts
    242 Views
    O

    OK, I'll try.
    Thanks for your suggestions.

  • 0 Votes
    1 Posts
    43 Views
    No one has replied
  • Vultr Vulnerability

    Solved Support
    9
    2 Votes
    9 Posts
    280 Views
    ryangorleyR

    @girish Yeah, I'm thinking the same thing. ubuntu is a sudo user, and if the default password Vultr was using was exploited, then I'd have to be looking for processes run by anything. I'll migrate. Thanks again.

  • 0 Votes
    1 Posts
    37 Views
    No one has replied
  • 1 Votes
    5 Posts
    163 Views
    jegillikin 0J

    FWIW, I just upgraded from Ubuntu 18 this evening. Cloudron's documentation for going from 18 to 20 was quite helpful, re: a collectd edit that I never would have thought to make, plus the specific MySQL Server migration rules. Everything went smoothly, but without the documentation, it wouldn't have. So kudos to the team.

  • AWS Abuse Report

    Solved Support
    9
    0 Votes
    9 Posts
    283 Views
    girishG

    I am still confused why they demand an answer from you, if your website is getting abused...

  • 4 Votes
    23 Posts
    481 Views
    D

    @girish yep will give it a try. What about the networking graphs, or even the stacked ones? Is that a realistic feature to ask for? 🙏

  • Abuse report received

    Solved Support
    22
    1 Votes
    22 Posts
    525 Views
    timconsidineT

    @girish said in Abuse report received:

    I found very similar reports in other server forums

    interesting, thank you

    also not sure what to make of it !

  • cloudflared request

    Locked Feature Requests
    3
    1 Votes
    3 Posts
    109 Views
    adisonA

    o sorry, didn't know that was there

  • 0 Votes
    8 Posts
    368 Views
    adisonA

    aw, thanks. i will attempt to use wordpress managed, as long as the export thing will work.

  • fido2support

    Feature Requests
    27
    11 Votes
    27 Posts
    675 Views
    A

    by the way, that link was a link from security now, a podcast i regularly listen to.
    here is the official duo security address.
    my business has used it before, so i think it's pretty good at what it does.

  • 2 Votes
    1 Posts
    751 Views
    No one has replied
  • 1 Votes
    5 Posts
    132 Views
    girishG

    tl;dr - If you have the above problem apt install python3-magic . Then, run apt update . On another server, unattended-upgrades package was missing as well (!) Not sure how because Cloudron installs it at install time. So, install it and run unattended-upgrade -d.

  • 2 Votes
    14 Posts
    471 Views
    L

    Like Hetzner, Contabo also offers DDoS protection:
    https://contabo.com/en/ddos-protection/#what-are-the-limits-of-contabo-ddos-protection

    From Claude AI:

    Here are a few key points comparing layer 7 and layer 4 DDoS mitigation for protecting websites that stream audio/video:

    Layer 7 (application layer) DDoS protection can detect and mitigate more sophisticated application-layer attacks that target weaknesses in the web application code, such as HTTP floods, low and slow attacks, and exploits that abuse APIs.

    Layer 4 (transport layer) DDoS protection focuses on network and volumetric attacks like UDP and ICMP floods which aim to consume bandwidth and overload infrastructure.

    For streaming websites, a hybrid approach providing both layer 4 and 7 mitigation is recommended. Layer 4 protects against bandwidth-exhaustion attacks while layer 7 covers exploits at the application layer.

    Top providers known for DDoS protection services include Cloudflare, Akamai, Imperva, F5 Networks, and Radware. Specific solutions include:

    Cloudflare Magic Transit and Spectrum
    Akamai Prolexic Routed
    Imperva Advanced DDoS Protection
    F5 Silverline
    Radware DefensePro

    Features like behavioral analysis, per-client throttling, SSL decryption, and integration with CDNs and DNS services make these robust protections against network and app-layer DDoS attacks.

    In summary, combining layer 4 and 7 DDoS mitigation from a reputable provider gives streaming sites the best protection against volumetric bandwidth attacks and application exploits. Cloudflare, Akamai, and Imperva are leaders in the space.

  • 0 Votes
    2 Posts
    109 Views
    humptydumptyH

    @LoudLemur I use cryptomator to encrypt sensitive files that I have on my nextcloud. Your use case is a bit trickier as you have multiple people working on the same file simultaneously. Take a look at the existing apps in the App Store like collabora, onlyoffice, and cryptpad. Cryptpad might be your best option though as it’s end to end encrypted.

    Edit: There’s also baserow and noco. I’m not sure if the databases are encrypted.

  • 0 Votes
    29 Posts
    795 Views
    scookeS

    @andreasdueren I'd be cautious about implementing it then. Cloudron hardens your server enough - doing more by installing more software, which is NOT recommended, will only lead to problems, especially if you don't already have a deep enough understanding of what is happening. It seems to be that @BrutalBirdie's gang knows their stuff (they're using Ansible to install Cloudron??? Yeah, that is next level coding there). Of course, they may also be paying for the Enterprise level of service (I'm not asking btw, no need to respond to that @BrutalBirdie ) so if they have hassles then I suppose it's fine for them to get help beyond typical Cloudron support, especially if they are doing more to their servers than what Cloudron themselves advise.

  • 1 Votes
    4 Posts
    137 Views
    DanTheManD

    https://securityheaders.com/

    And some information about, who, why and how...
    https://securityheaders.com/about/
    https://securityheaders.com/faq/

  • 1 Votes
    3 Posts
    145 Views
    skinnylatteS

    @nebulon Thank you, I will investigate today and let you know.