Code contains malware #1

Open
duker33 opened this issue Apr 22, 2018 · 9 comments

@duker33

duker33 commented Apr 22, 2018

Installed this one on two different servers. Used only by myself. In both cases the container made a DoS attack and spammed emails.

@mifeil

mifeil commented May 2, 2018

Same for me; maybe it's because the container has no authorization even if you add a user according to the instructions.

@wernight
Owner

wernight commented May 18, 2018

Sounds worrisome. Could you provide steps to reproduce? I'm not intimate with Dante internals (and even not that much as a user of Dante). If you submit a PR fixing something I'd be glad to assist.

@duker33
Author

duker33 commented May 19, 2018

@wernight, I'm not an old friend of Dante either. Sorry, I didn't catch the logs and have already removed this code installation.

@george-kirillov

I think that this is due to the configuration of Dante itself.

@avxkim

avxkim commented Oct 8, 2018

Do you guys use authentication with it? Because SOCKS5 without auth is very dangerous.

@mediclab

Same for me. DigitalOcean sent me an abuse mail from a 3rd-party company that was email-DoSed by my droplet.
I think there is something strange in this image on Docker Hub.

wernight added a commit that referenced this issue Jul 29, 2020
@eababurin

My hosting provider informed me that spam email is being sent from my host. Only this container was launched on the host.
Don't use it.

@wernight
Owner

wernight commented Jan 7, 2022

Dante wrongly configured gives something like access to your LAN, and malicious users may send requests pretending to be coming from your machine.

I do agree that the container should be made safe by default if possible. I don't even recall where I got the default https://github.com/wernight/docker-dante/blob/master/sockd.conf, must have been from the default install. This is likely where the cause is, and even though it's meant to be customized, it's clearly unsafe by default based on these reports here.

I'm willing to accept a PR or delegate the project to another.

@TheNicholasNick

TheNicholasNick commented Jul 7, 2022

there is no malware in this dockerfile...

starting a server on the public internet listening on the common socks proxy port of 1080 = host found and used by people looking for open socks proxies...

i.e. don't start publicly accessible socks proxies on default ports... this container is perfect for a docker-compose setup or wanting to have a socks proxy somewhere without the overhead of ssh and the whole ssh -D 0.0.0.0:1080 trick.

however it is a socks proxy that allows devices to connect to it and use it to access other hosts - proceed accordingly... aka "warning, boiled hot water is hot and may cause severe burns" sticker on kettle/hot water boiler
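
Several comments above tie the abuse reports to a SOCKS5 listener that is reachable without authentication. The following is an added example, not code from this thread or from the docker-dante project: a Python check, based on the RFC 1928 method negotiation, that reports whether a proxy you operate accepts the "no authentication" method. The function names and the `127.0.0.1:1080` target are assumptions for illustration.

```python
import socket

# Method codes from RFC 1928, section 3.
NO_AUTH, USERPASS = 0x00, 0x02


def build_greeting(methods):
    """Client greeting: VER=5, NMETHODS, then one byte per offered method."""
    return bytes([0x05, len(methods), *methods])


def negotiate(sock, methods):
    """Offer `methods` on a connected socket; return the method byte the
    server selects (0xFF = none acceptable), or None if it hangs up first."""
    sock.sendall(build_greeting(methods))
    reply = b""
    while len(reply) < 2:
        chunk = sock.recv(2 - len(reply))
        if not chunk:
            return None
        reply += chunk
    if reply[0] != 0x05:
        raise ValueError(f"not a SOCKS5 reply: {reply!r}")
    return reply[1]


def audit(connect):
    """Classify a listener. `connect` returns a fresh connected socket; each
    offer uses its own connection and lists exactly one method, so the
    server cannot pick a stronger method than the one being tested."""
    checks = (
        (NO_AUTH, "OPEN: accepts clients without authentication"),
        (USERPASS, "OK: requires username/password"),
    )
    for method, verdict in checks:
        with connect() as sock:
            if negotiate(sock, [method]) == method:
                return verdict
    return "CLOSED: neither method accepted from this source address"


if __name__ == "__main__":
    # Assumed address: replace with the proxy you operate.
    target = ("127.0.0.1", 1080)
    print(audit(lambda: socket.create_connection(target, timeout=5)))
```

Run it from a host outside the address ranges your Dante rules allow, since the answer depends on the client's source address.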
