High CPU usage & service abuse
- 
After installing it when it came out and forgetting about it until now, I noticed it was having high CPU usage in top. (20-60%)Logging in and checking the dashboard it seems that it's being abused by clients globally and processed 14.5 million queries in the last 7 days. (mostly for pizzaseo.com) This looks like the default install is open to the world and open to abuse. In the /#dns settings I found the Access Settings, but since I don't have a static IP, it doesn't help to put a dynamic one there temporarily. Is there a best practice we can configure for a private/secure by default install? 
- 
After installing it when it came out and forgetting about it until now, I noticed it was having high CPU usage in top. (20-60%)Logging in and checking the dashboard it seems that it's being abused by clients globally and processed 14.5 million queries in the last 7 days. (mostly for pizzaseo.com) This looks like the default install is open to the world and open to abuse. In the /#dns settings I found the Access Settings, but since I don't have a static IP, it doesn't help to put a dynamic one there temporarily. Is there a best practice we can configure for a private/secure by default install? @robi If you're running this on CR at home, block port 53 at your firewall from public but allow it from internal. If you are on a VPS, you'd probably want something like dyndns.org to auto update stuff I'd think? 
- 
@robi If you're running this on CR at home, block port 53 at your firewall from public but allow it from internal. If you are on a VPS, you'd probably want something like dyndns.org to auto update stuff I'd think? @doodlemania2 it's on a biz VPS and the abuse is severe enough to have used up 200+GB of disk space, which I need to track down now. Backups have been failing, and who knows what else. 
- 
@doodlemania2 it's on a biz VPS and the abuse is severe enough to have used up 200+GB of disk space, which I need to track down now. Backups have been failing, and who knows what else. 
- 
 
 impressive. no wonder backup failed.-rw-r--r-- 1 root root 237376357024 Jan 1 22:23 querylog.jsonhuman readable: -rw-r--r-- 1 root root 222G Jan 1 22:23 querylog.json@robi it's a serious issue you have (think of IP reputation!) but it was also mentioned before: https://forum.cloudron.io/topic/3840/adguard-on-upcoming-cloudron-v6-ddos-reflection-amplification And it's in the docs: https://docs.cloudron.io/apps/adguard-home/#securing-installation I think DDNS doesn't work because you have to add an IP in AdGuard, I have the same issue with my home connection, that's why I don't use AdGuard in my personal Cloudron. I run Pi-Hole in my home network on a Raspberry Pi. 
- 
 
 impressive. no wonder backup failed.-rw-r--r-- 1 root root 237376357024 Jan 1 22:23 querylog.jsonhuman readable: -rw-r--r-- 1 root root 222G Jan 1 22:23 querylog.json@robi Can you check what is taking so much space? Is this log files? 
- 
@doodlemania2 it's on a biz VPS and the abuse is severe enough to have used up 200+GB of disk space, which I need to track down now. Backups have been failing, and who knows what else. @robi Does your VPS provider not let you block port 53? Or do you need it to be accessible externally? 
- 
@robi Does your VPS provider not let you block port 53? Or do you need it to be accessible externally? @atrilahiji I might be wrong about this but I think port 53 needs to be used to resolve DNS, and since @robi mentioned that he installed it on a business VPS it has to be publicly accessible for it to function. If it were a homelab would this be less of an issue? 
- 
@atrilahiji I might be wrong about this but I think port 53 needs to be used to resolve DNS, and since @robi mentioned that he installed it on a business VPS it has to be publicly accessible for it to function. If it were a homelab would this be less of an issue? 
- 
@girish yeah, the querylog was 222gigs eeeeek! @doodlemania2 I decreased the query log retention from 90 days to 7 days as the default. But depending on the use case, it can be disabled altogether in the settings file. 
- 
@girish yeah, the querylog was 222gigs eeeeek! @doodlemania2 
 Thanks torcloneI uploaded all 222GB to my Google Drive in less then a couple hours. (didn't time it, but expected it to be much longer.)VPS is on a 200mbit line last time I checked, so could be under an hour. 
 If only we had network graph stats.
 


