4.1.2023 |

How to get your docker container hacked

I was testing a docker deployment of https://hellopaint.io on a hetzner root server. The server is configured with ufw (uncomplicated firewall) to only explicitly allow traffic on some ports. Since the containers I deployed were only for testing, and I assumed that the exposed ports would only be accessible on the host because of ufw, I didn't bother to set a secure database password.

One morning I received an email about network abuse happening on my hetzner server, something about a netscan happening and my server being locked. Turns out, docker bypasses ufw and my poor postgres database was exposed to the internet without a strong password. Some automatic scan must have found it and hacked into it, looking for more targets to hack into. Luckily they have not been able to escape the container, so there wasn't much damage (apart from my stress level).

TLDR: Always use strong passwords, even when testing.

Explanation and fix for docker and ufw: https://github.com/chaifeng/ufw-docker
Someone else being hacked the same way: https://blog.newsblur.com/2021/06/28/story-of-a-hacking/

Lucas
Zur Übersicht

Mehr vom DevSquad...

Jan Sauer

AWS re:Invent 2022

Lucas Meurer

Tailscale VPN