How to get your docker container hacked
I was testing a docker deployment of https://hellopaint.io on a hetzner root server. The server is configured with ufw (uncomplicated firewall) to explicitly allow traffic only on a few ports. Since the containers I deployed were only for testing, and I assumed that the published ports would only be reachable from the host itself because of ufw, I didn't bother to set a secure database password.
One morning I received an email about network abuse happening on my hetzner server: something about a netscan originating from it and my server being locked. Turns out, docker bypasses ufw, and my poor postgres database was exposed to the internet without a strong password. Some automatic scan must have found it and hacked into it, looking for more targets to hack into. Luckily they were not able to escape the container, so there wasn't much damage (apart from my stress level).
TLDR: Always use strong passwords, even when testing.
Explanation and fix for docker and ufw: https://github.com/chaifeng/ufw-docker
Someone else who was hacked the same way: https://blog.newsblur.com/2021/06/28/story-of-a-hacking/
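The reason ufw does not help here is that docker publishes a port by inserting its own iptables rules (a DNAT rule in PREROUTING and an accept rule in the DOCKER chain of FORWARD), while ufw's allow/deny rules live in the INPUT chain, which forwarded traffic never reaches. The script below is an added example, not code from the post above or from the ufw-docker project: it classifies port mappings by the host address they bind to, audits a compose file for mappings published on every interface, and shows the two fixes side by side (binding to 127.0.0.1 in the compose file, or dropping inbound connections in the DOCKER-USER chain, which is the mechanism ufw-docker builds on). The function names `port_exposure`, `audit_compose` and `block_published_ports_from`, the interface name `eth0`, and the two compose snippets are all assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post or the ufw-docker project).
# Classify a Docker port mapping by the host address it binds to. Accepts
# compose syntax ("5432:5432", "127.0.0.1:5432:5432", "[::1]:5432:5432")
# and the `docker ps` PORTS column ("0.0.0.0:5432->5432/tcp").
# Prints one of: exposed, local, bound:<addr>.
port_exposure() {
    # normalise "A:B->C/tcp" into "A:B:C" and strip the protocol suffix
    mapping=$(printf '%s' "$1" | sed 's#->#:#; s#/.*$##')
    case "$mapping" in
        "["*"]":*:*)                  # bracketed IPv6 host address
            host_addr=${mapping%%\]*}
            host_addr=${host_addr#\[}
            ;;
        *:*:*)                        # IPv4 host address (or ":::" shorthand)
            host_addr=${mapping%%:*}
            ;;
        *)                            # no host address: published on all interfaces
            echo exposed
            return 0
            ;;
    esac
    case "$host_addr" in
        ""|0.0.0.0|::)        echo exposed ;;
        127.*|::1|localhost)  echo local ;;
        *)                    echo "bound:$host_addr" ;;
    esac
}

# Read a compose file on stdin, report every "- HOST:CONTAINER" port entry,
# and return 1 if any of them is exposed on all interfaces, 0 otherwise.
audit_compose() {
    exposed=0
    for mapping in $(sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([^" ]*:[0-9]\{1,\}\)"\{0,1\}[[:space:]]*$/\1/p'); do
        verdict=$(port_exposure "$mapping")
        echo "$mapping -> $verdict"
        if [ "$verdict" = exposed ]; then
            exposed=1
        fi
    done
    return $exposed
}

# Host-level fix (needs root; defined but not run here). Docker consults the
# DOCKER-USER chain before its own FORWARD rules and leaves it alone on
# restart, so a DROP for new inbound connections on the public interface
# keeps published ports off the internet without touching ufw's INPUT rules.
# The interface name "eth0" is an assumption; check `ip route` for yours.
block_published_ports_from() {
    ext_if=${1:-eth0}
    iptables -I DOCKER-USER -i "$ext_if" -m conntrack --ctstate NEW -j DROP
}

# Constructed sample: the mistake described in the post (weak password and
# a port published on 0.0.0.0, where ufw never sees it).
WEAK_COMPOSE='services:
  db:
    image: postgres:15
    environment:
      - POSTGRES_PASSWORD=postgres
    ports:
      - "5432:5432"'

# Constructed sample: same service, bound to loopback only and with the
# password read from a secret file instead of a literal in the compose file.
FIXED_COMPOSE='services:
  db:
    image: postgres:15
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
    ports:
      - "127.0.0.1:5432:5432"'

# Demo: audit both snippets when the script is run directly.
if printf '%s\n' "$WEAK_COMPOSE" | audit_compose; then
    echo "weak compose: nothing published on all interfaces"
else
    echo "weak compose: exposed mapping found, bind to 127.0.0.1 or restrict DOCKER-USER"
fi
printf '%s\n' "$FIXED_COMPOSE" | audit_compose && echo "fixed compose: ok"
```

On a running host the same check is `docker ps`: a PORTS column reading `0.0.0.0:5432->5432/tcp` (or `:::5432->5432/tcp`) is reachable from the internet regardless of ufw, while `127.0.0.1:5432->5432/tcp` is not. The compose-level fix is the simplest when the only consumer is on the same host; the DOCKER-USER rule is the right tool when other containers or hosts must still reach the port, and the ufw-docker project linked above installs an equivalent rule persistently through ufw's own configuration.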