Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    High CPU usage & service abuse

    AdGuard Home
    6
    13
    602
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • robi
      robi last edited by

      After installing it when it came out and forgetting about it until now, I noticed it was having high CPU usage in top. (20-60%)

      Logging in and checking the dashboard it seems that it's being abused by clients globally and processed 14.5 million queries in the last 7 days. (mostly for pizzaseo.com)

      This looks like the default install is open to the world and open to abuse.

      In the /#dns settings I found the Access Settings, but since I don't have a static IP, it doesn't help to put a dynamic one there temporarily.

      Is there a best practice we can configure for a private/secure by default install?

      Life of Gratitude.
      Life of Advanced Technology

      doodlemania2 1 Reply Last reply Reply Quote 0
      • doodlemania2
        doodlemania2 App Dev @robi last edited by

        @robi If you're running this on CR at home, block port 53 at your firewall from public but allow it from internal. If you are on a VPS, you'd probably want something like dyndns.org to auto update stuff I'd think?

        robi 1 Reply Last reply Reply Quote 0
        • robi
          robi @doodlemania2 last edited by robi

          @doodlemania2 it's on a biz VPS and the abuse is severe enough to have used up 200+GB of disk space, which I need to track down now.

          Backups have been failing, and who knows what else.

          Life of Gratitude.
          Life of Advanced Technology

          doodlemania2 ? 2 Replies Last reply Reply Quote 0
          • doodlemania2
            doodlemania2 App Dev @robi last edited by

            @robi yikes! good luck sir

            1 Reply Last reply Reply Quote 0
            • robi
              robi last edited by robi

              036faf05-9a38-4cbe-8ddc-ba441fa524f5-image.png
              impressive. no wonder backup failed.

              -rw-r--r-- 1 root root 237376357024 Jan  1 22:23 querylog.json

              human readable:

              -rw-r--r-- 1 root root 222G Jan  1 22:23 querylog.json

              Life of Gratitude.
              Life of Advanced Technology

              imc67 girish 2 Replies Last reply Reply Quote 0
              • imc67
                imc67 translator @robi last edited by imc67

                @robi it's a serious issue you have (think of IP reputation!) but it was also mentioned before:

                https://forum.cloudron.io/topic/3840/adguard-on-upcoming-cloudron-v6-ddos-reflection-amplification

                And it's in the docs:

                https://docs.cloudron.io/apps/adguard-home/#securing-installation

                I think DDNS doesn't work because you have to add an IP in AdGuard, I have the same issue with my home connection, that's why I don't use AdGuard in my personal Cloudron. I run Pi-Hole in my home network on a Raspberry Pi.

                1 Reply Last reply Reply Quote 1
                • girish
                  girish Staff @robi last edited by

                  @robi Can you check what is taking so much space? Is this log files?

                  doodlemania2 1 Reply Last reply Reply Quote 0
                  • doodlemania2
                    doodlemania2 App Dev @girish last edited by

                    @girish yeah, the querylog was 222gigs eeeeek!

                    girish robi 2 Replies Last reply Reply Quote 0
                    • ?
                      A Former User @robi last edited by

                      @robi Does your VPS provider not let you block port 53? Or do you need it to be accessible externally?

                      T 1 Reply Last reply Reply Quote 0
                      • T
                        thpuffin @Guest last edited by

                        @atrilahiji I might be wrong about this but I think port 53 needs to be used to resolve DNS, and since @robi mentioned that he installed it on a business VPS it has to be publicly accessible for it to function. If it were a homelab would this be less of an issue?

                        robi 1 Reply Last reply Reply Quote 0
                        • robi
                          robi @thpuffin last edited by

                          @thpuffin @atrilahiji it would not be an issue because of NAT at home.

                          Life of Gratitude.
                          Life of Advanced Technology

                          1 Reply Last reply Reply Quote 0
                          • girish
                            girish Staff @doodlemania2 last edited by

                            @doodlemania2 I decreased the query log retention from 90 days to 7 days as the default. But depending on the use case, it can be disabled altogether in the settings file.

                            1 Reply Last reply Reply Quote 0
                            • robi
                              robi @doodlemania2 last edited by

                              @doodlemania2
                              Thanks to rclone I uploaded all 222GB to my Google Drive in less then a couple hours. (didn't time it, but expected it to be much longer.)

                              VPS is on a 200mbit line last time I checked, so could be under an hour.
                              If only we had network graph stats.

                              Life of Gratitude.
                              Life of Advanced Technology

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Powered by NodeBB