I am recieving from IP-Echelon Compliance <notices.p2p@ip-echelon.com> that my server holds illegal file for birtorrent files. Do you have any idea? Is there a security issue? I am using latest 4.1 version. How can I check server?
Bittorrent complains for pve server.
- Thread starter ozgurerdogan
- Start date
But is this really possible? Does not proxmox itself take some security issue to prevent such issues?
We do not deny any port/traffic from the base setup.
We look that the system itself is secure (has no security holes, is not easy to take over, ...)
"Torrenting" is not a security hole/breach, I often use torrents to (legally!) download ISOs from Linux distributions or other open source software so that I can seed it back and "sponsor" some bandwidth to the project.
If you give VMs to (unknown) customers then I hope you have a contract with them which states that on any illegal activity on there machine you can terminate there VM instantly (or something similar).
An unknown entity can do almost anything, from starting DDoSes or hosting malicious sites, and so on. Rate limiting their bandwidth would be an option to consider.
Also as p2p can use any port and may be encrypted it's not easy to add a simple firewall rule to that.
Secondly you have to note that the email could also be simply spam or a intimidation try.
If you do not host VMs/CTs from some unknown people, then
A) you downloaded something (illegal?) over a p2p network and have to stand your man
B) someone else with access to the machine did this
C) It's a spam/fraud email
my opinion.
We look that the system itself is secure (has no security holes, is not easy to take over, ...)
"Torrenting" is not a security hole/breach, I often use torrents to (legally!) download ISOs from Linux distributions or other open source software so that I can seed it back and "sponsor" some bandwidth to the project.
If you give VMs to (unknown) customers then I hope you have a contract with them which states that on any illegal activity on there machine you can terminate there VM instantly (or something similar).
An unknown entity can do almost anything, from starting DDoSes or hosting malicious sites, and so on. Rate limiting their bandwidth would be an option to consider.
Also as p2p can use any port and may be encrypted it's not easy to add a simple firewall rule to that.
Secondly you have to note that the email could also be simply spam or a intimidation try.
If you do not host VMs/CTs from some unknown people, then
A) you downloaded something (illegal?) over a p2p network and have to stand your man
B) someone else with access to the machine did this
C) It's a spam/fraud email
my opinion.
I see lots of connection with ntstat. But this is 3-4 months old clean install of proxmox and was not touched after install. So what could be causing this? No simple password at all.
Last edited:
We do not ship anything which causes (bitorrent) network load.
Look in the logs for remote logins and look which ports are open:
(you maybe have to install the tool if not already)
Check if anything strange is running (top, systemctl status, ...) and shut it down if yes.
Add firewall rules so only the needed ports are open and only you can connect to the most important ones (ssh, web interface, ...), but stay attend, do not lock you out completely.
Look in the logs for remote logins and look which ports are open:
Code:
netstat -tulpn
lsof -iCheck if anything strange is running (top, systemctl status, ...) and shut it down if yes.
Add firewall rules so only the needed ports are open and only you can connect to the most important ones (ssh, web interface, ...), but stay attend, do not lock you out completely.
I'am not sure, but i belief that the issue (if this is really a) is not coming rom from the PVEhost. What VMs you are running on? What they do. On what reference point they did have? Offical IP, how many offical ip's are in use? On IP for one VM/Server, or only one IP and NAT/Portforwardings...
It is not impossible, but very improbable.