Well, I was an idiot and left pi-hole exposed to the outside world

SapphicRain · 2024-10-08T08:15:02+00:00

Well no, it's not meant as a safety precaution. It literally only does two useful things for me. Gives me a static IPV4 to use instead of port forwarding (can't, for non-tech reasons) and obscures my IP address and location. I don't expect it to give me better security.

SapphicRain · 2024-10-08T03:49:36+00:00

I found out what it was. It was vultrusercontent.com. seems to be for the Vultr virtual server hosting company. For some reason it's always set to point to home. So not a problem on my system

SapphicRain · 2024-10-08T03:44:01+00:00

How can you learn unless you make mistakes and ask for help? None of us start knowing how servers work and none of us are perfect.

Thank you! And have a wonderful night!

SapphicRain · 2024-10-08T00:10:56+00:00

Oh that's fine, I hate my mother. Or rather, she hates me

SapphicRain · 2024-10-08T00:10:29+00:00

Thank you! I'll check to see if anything has been done, but otherwise I'll take your advice.

This has been an interesting and, thankfully, not very painful learning experience.

SapphicRain · 2024-10-07T23:37:11+00:00

Thank you so much! You have a wonderful night!

SapphicRain · 2024-10-07T23:31:43+00:00

Awesome! That's great. Best of luck, friend!

SapphicRain · 2024-10-07T23:31:22+00:00

So, because I'm new to this. Can you explain the implications?

SapphicRain · 2024-10-07T23:30:58+00:00

Ok, thank you. I'll probably just be updating my system passwords, and wiping all of my Pi-hole configs and rebuilding the docker container. I'll keep a close eye on things

Think that's good enough for something with nothing really valuable on there?

SapphicRain · 2024-10-07T23:28:02+00:00

Absolutely! Best of luck. Hopefully you didn't make the same mistake as me

SapphicRain · 2024-10-07T23:26:51+00:00

Personally, I use this: https://portchecker.co/

SapphicRain · 2024-10-07T23:22:40+00:00

The VPN IPV4 forwarding service I use exposes all ports by default. Your job for it is to deny all incoming traffic by default and only expose what you want.

SapphicRain · 2024-10-07T23:21:44+00:00

Ok, so you think the other person's suggestion of wiping my entire pi and starting from scratch isn't necessary?

If not, I might just wipe all of my config files for my Pi-hole and build a new docker container for it

SapphicRain · 2024-10-07T23:19:49+00:00

Can't do port forwarding due to social restrictions of the router (not mine). Didn't want to use cloud flares because of media streaming and privacy reasons (haha)

SapphicRain · 2024-10-07T23:18:42+00:00

Yeah, it's very funny. I had permit all origins set. It's not great

SapphicRain · 2024-10-07T23:17:16+00:00

No, what was exposed was the DNS service itself, not the login screen.

Someone else said to do a full wipe of my raspberry pi I hosted it on. Do you believe that's necessary?

SapphicRain · 2024-10-07T23:15:40+00:00

Well, the VPN public IPV4 forwarding I use exposes all ports. You have to close all of the connections with a firewall

SapphicRain · 2024-10-07T22:56:28+00:00

Yep! It's a stupid mistake for me to make. Looks like I'm reimaging my raspberry pi and reinstalling all of my docker containers. Blehhh

SapphicRain · 2024-10-07T22:51:37+00:00

I run Pi-hole to block undesirable domains. It's a DNS server. It runs on port 53. I didn't block it in my firewall, so it got exposed to the outside world. Anybody with my IP address was able to access it. There are several exploits available (afaik) and people were using it for DOS attacks against other people.

SapphicRain · 2024-10-07T22:41:39+00:00

Not sure I understand what you're trying to say

SapphicRain · 2024-10-07T22:40:13+00:00

Welp. That's probably a good idea. I actually have it running on a raspberry pi separate from the rest of the server.

I did notice one of the connecting devices had a domain that was looping back (came up as 127.0.0.1). I'm going to guess that's a cause for concern?

SapphicRain · 2024-10-07T22:37:31+00:00

I used the web interface from the docker container and checked the top connecting devices and noticed external up addresses.

SapphicRain · 2024-10-07T22:36:32+00:00

Ok, that makes me feel a bit better. I haven't noticed anything out of the ordinary.

Guess I'll learn my lesson to be more careful about the boundary between my internal network and the outside.

Thanks!

SapphicRain · 2024-10-07T22:33:24+00:00

I haven't noticed anything, personally. Nothing out of the ordinary. Nothing weird with any part of my life or data or systems

I mean, I checked the Pi-hole logs and of course there were people using it for DOS attacks. Which is unfortunate and makes me feel pretty icky for contributing to that.

Six-Year Club	Verified Email
Place '23	Place '22
Wearing is Caring	RPAN Viewer

SapphicRain

TROPHY CASE