High CPU usage & service abuse
-
After installing it when it came out and forgetting about it until now, I noticed it was having high CPU usage in top. (20-60%)
Logging in and checking the dashboard it seems that it's being abused by clients globally and processed 14.5 million queries in the last 7 days. (mostly for pizzaseo.com)
This looks like the default install is open to the world and open to abuse.
In the /#dns settings I found the Access Settings, but since I don't have a static IP, it doesn't help to put a dynamic one there temporarily.
Is there a best practice we can configure for a private/secure by default install?
-
@robi If you're running this on CR at home, block port 53 at your firewall from public but allow it from internal. If you are on a VPS, you'd probably want something like dyndns.org to auto update stuff I'd think?
-
@doodlemania2 it's on a biz VPS and the abuse is severe enough to have used up 200+GB of disk space, which I need to track down now.
Backups have been failing, and who knows what else.
-

impressive. no wonder backup failed.
-rw-r--r-- 1 root root 237376357024 Jan 1 22:23 querylog.json
human readable:
-rw-r--r-- 1 root root 222G Jan 1 22:23 querylog.json
-
@robi it's a serious issue you have (think of IP reputation!) but it was also mentioned before:
https://forum.cloudron.io/topic/3840/adguard-on-upcoming-cloudron-v6-ddos-reflection-amplification
And it's in the docs:
https://docs.cloudron.io/apps/adguard-home/#securing-installation
I think DDNS doesn't work because you have to add an IP in AdGuard, I have the same issue with my home connection, that's why I don't use AdGuard in my personal Cloudron. I run Pi-Hole in my home network on a Raspberry Pi.
-

@robi Does your VPS provider not let you block port 53? Or do you need it to be accessible externally?
-
@atrilahiji I might be wrong about this but I think port 53 needs to be used to resolve DNS, and since @robi mentioned that he installed it on a business VPS it has to be publicly accessible for it to function. If it were a homelab would this be less of an issue?
-
@girish yeah, the querylog was 222gigs eeeeek!
-
@doodlemania2
Thanks to rclone I uploaded all 222GB to my Google Drive in less than a couple hours. (didn't time it, but expected it to be much longer.) VPS is on a 200mbit line last time I checked, so could be under an hour.
If only we had network graph stats.
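-
One way to find out what filled querylog.json and which clients sent the queries, as an added example that is not part of the thread or of AdGuard Home: it streams the log one line at a time, so a 222G file never has to fit in memory. The key names ("IP", "QH"), the one-JSON-object-per-line layout and the trusted network list are assumptions to check against your own file; the sample lines are constructed.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample in the assumed querylog.json layout: one JSON object
# per line, "IP" = client address, "QH" = queried host name. Client addresses
# come from documentation ranges; the last line is truncated on purpose.
SAMPLE = """\
{"T":"2021-01-01T22:23:01Z","QH":"pizzaseo.com","QT":"A","IP":"203.0.113.7"}
{"T":"2021-01-01T22:23:01Z","QH":"pizzaseo.com","QT":"A","IP":"198.51.100.20"}
{"T":"2021-01-01T22:23:02Z","QH":"PizzaSEO.com.","QT":"A","IP":"203.0.113.7"}
{"T":"2021-01-01T22:23:03Z","QH":"cloudron.io","QT":"A","IP":"192.168.1.10"}
{"T":"2021-01-01T22:23:04Z","QH":"pizza
"""

# Networks whose clients are expected to use the resolver (assumption: adjust).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "::1/128", "fc00::/7")]

def is_external(ip_text):
    """True when the client address is outside every trusted network."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in TRUSTED_NETS)

def triage(lines, top=5):
    """Single pass over the log; memory grows with distinct keys, not file size."""
    domains, clients = Counter(), Counter()
    total = external = skipped = 0
    for line in lines:
        try:
            entry = json.loads(line)
            ip, host = entry["IP"], entry["QH"].lower().rstrip(".")
            ext = is_external(ip)
        except (ValueError, KeyError, AttributeError, TypeError):
            skipped += 1  # truncated, malformed or unexpected line
            continue
        total += 1
        if ext:
            external += 1
            clients[ip] += 1
            domains[host] += 1
    return {"total": total, "external": external, "skipped": skipped,
            "top_external_clients": clients.most_common(top),
            "top_external_domains": domains.most_common(top)}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE.splitlines()), indent=2))
```

For a real log, pass an open file object instead of the sample, for example `triage(open("querylog.json"))`. A high share of external clients confirms the resolver is answering the public internet.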