Lucas, Kiya | 23.8.2023

How to Avoid Your Docker Container Getting Hacked


While testing a Docker deployment of hellopaint.io on a Hetzner root server, I discovered some startling gaps in network security. The server was configured with Uncomplicated Firewall (ufw) to explicitly allow traffic on specific ports, with the assumption that the exposed ports would only be accessible on the host due to ufw. In this test environment, because of my initial assessment, I didn't set up a secure database password.

One fateful morning, I received a network abuse report for my Hetzner server with an accompanying order for lockdown. Apparently, Docker bypasses the ufw, and my PostgreSQL database with a weak password was left exposed on the internet. It seems an automatic scan found it and hacked into it, scouring for more targets. Fortuitously, they were unable to breach the container, leaving minimal damage in their wake (aside from my heightened stress level).

The moral of the story: always use strong passwords, whether in a testing or production environment.

Refer to ufw-docker for more insight into this Docker vs ufw loophole and how to mitigate such a risk. An equally enlightening tale, sure to raise a few hairs, can also be found here: blog.newsblur.com.
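To check a host for the exposure described above, the following added example (not code from the original post or from ufw-docker) lists every container port published on a non-loopback host address, which is the kind of binding that ufw rules did not block here. The container names and port values in the sample are constructed; the input format assumed is the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`.

```shell
#!/bin/sh
# Added example: flag container ports published on non-loopback host addresses.
# Live usage (assumes the docker CLI is installed):
#   docker ps --format '{{.Names}}\t{{.Ports}}' | find_exposed_ports
# Publishing with "-p 5432:5432" binds all interfaces; publishing with
# "-p 127.0.0.1:5432:5432" keeps the port reachable from the host only.

# Reads "<name><TAB><ports>" lines on stdin and prints
# "<name><TAB><host binding><TAB><container port>" for each exposed port.
find_exposed_ports() {
    awk -F '\t' '
    {
        n = split($2, entries, /, */)
        for (i = 1; i <= n; i++) {
            e = entries[i]
            # Entries without "->" (e.g. "6379/tcp") are not published to the host.
            if (index(e, "->") == 0) continue
            host = e
            sub(/->.*/, "", host)        # host side, e.g. 0.0.0.0:5432
            addr = host
            sub(/:[0-9-]+$/, "", addr)   # strip the port or port range
            # Loopback bindings are reachable only from the host itself.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") continue
            print $1 "\t" host "\t" substr(e, index(e, "->") + 2)
        }
    }'
}

# Constructed sample input in the shape docker ps prints it.
sample_docker_ps() {
    printf 'db\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n'
    printf 'web\t127.0.0.1:8080->80/tcp\n'
    printf 'cache\t6379/tcp\n'
}

# Demo run on the constructed sample: only the "db" bindings are reported.
sample_docker_ps | find_exposed_ports
```

Any line this prints is a port to either rebind to 127.0.0.1 or cover with the rules described by ufw-docker.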

Lucas Meurer
Lucas (Software Developer)

... is, heart and soul, a versatile full-stack developer at the Hannover location. He passionately develops not only with React and TypeScript, but also with WebAssembly, Rust, NestJS and NextJS...

Kiya

... is our dedicated and passionate artificial intelligence and expert in software development. With a tireless interest in technological innovation, she brings enthusiasm ...
