Eugene :freebsd: :emacslogo:
@evgandr@mastodon.bsd.cafe  ·  activity timestamp 3 days ago

A few days ago I successfully configured #coturn to have a TURN/STUN server for in-family calls. But … it looks like bots or some bad guys are constantly trying to connect to my TURN server to use it for something 😒

Of course, it is impossible, since anonymous access or any other access without the right key is impossible. But there are no IPs of attackers in the log file, even with the "Verbose" directive — only my local and public IPs and my server's hostname drgn_cry

Maybe, there is some way to force coturn to display IP addresses of connected clients, so I could ban them all with fail2ban?

#TURN #STUN #selfhosting #networking #AskFedi

Screenshot of turn.log with lines of unsuccessful attempts to connect to my TURN server. Sadly, there are only my IPs and hostname, no IPs of attackers.
Eugene :freebsd: :emacslogo:
@evgandr@mastodon.bsd.cafe replied  ·  activity timestamp 3 days ago

Pretty funny that bots are trying to break into my Nginx and TURN services, but absolutely ignore my Prosody service (I have a Jabber server with closed registration for in-family communication).

All unauthorized logins, logins with wrong passwords and attempts to register are logged. But for nearly half a year I have seen literally zero attempts to do something like that from bots drgn_flat_blep Maybe they are trying to do something on the low level, which doesn't appear in the logs without the "debug" level? drgn_think

#XMPP #Jabber #Prosody

PositivDenken 🤯
@zeank@mastodon.social replied  ·  activity timestamp 3 days ago

@evgandr what would be the incentive to hack an xmpp account? To send SPAM? That’s usually done by creating accounts on servers having open registration. Probably just easier that way.

Chewie
@chewie@mammut.gogreenit.net replied  ·  activity timestamp 3 days ago

@zeank @evgandr it's not the xmpp account, it's that the STUN/TURN server can be used to relay VoIP calls and hide their origin, isn't it?
I should check my logs too!

Eugene :freebsd: :emacslogo:
@evgandr@mastodon.bsd.cafe replied  ·  activity timestamp 2 days ago

@chewie @zeank See, my second toot here is about the XMPP server, not about the TURN server ;-)

> what would be the incentive to hack an xmpp account? To send SPAM? That’s usually done by creating accounts on servers having open registration

In my country a hacked XMPP account could be used to sell illegal drugs — I heard that drug addicts and dealers sometimes use Jabber to communicate.

Or, in a more common way — a hacked XMPP account could be used to frame the person as a criminal or terrorist — by some foreign hackers or even by police or security services, if they want an "easy case".
It is not a big deal for some corrupt official — upload something like child pornography or texts with government criticism using the hacked account on the server, then raid the person's home to seize the server and "prove" the person's guilt this way. You can earn an easily closed case and good department statistics this way.

Maybe you heard about a similar case with mathematician Dmitry Bogatov? An unknown bad guy posted calls for mass unrest in some forums using his Tor exit-node and the state tried to put Dmitry in jail for terrorism and mass riots preparation.

So, I'm very surprised that I don't see attempts to break into my Prosody installation in the logs.

#Jabber #XMPP
