-
|
Hello, I am running on AIO 28.0.4. I checked the logs for an unrelated problem on mastercontainer and found something nasty :
If you are curious, the youtube video is a rick roll. It looks like it happened one month ago - 16th and 23th of May. I would like to confirm with you that I am indeed compromised (there is no possibility that this is triggered by something outside of nextcloud) and also which file could be changed to obtain this result. I already checked Caddyfiles of mastercontainer and apache containers, it looks allright. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hi, I doubt that your instance is compromised.
Actually there is. If you do not want such things to be logged anymore, I would recommend putting the aio interface behind a vpn and/or not exposing it publicly. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, Thanks for your answer. From what I understand, theses requests are done by Caddy parsing a Caddy file (which domains to ask a certificate for - using either a Caddy file or some internal configuration..). So I thought someone would have updated the Caddyfiles of some containers. So, there would be a way for Caddy to parse a file coming from the outside ? Or is this something totally different ? |
Beta Was this translation helpful? Give feedback.
Hi, I doubt that your instance is compromised.
Actually there is.
If you do not want such things to be logged anymore, I would recommend putting the aio interface behind a vpn and/or not exposing it publicly.