[HELP] Improve proxmox security

Diego, @LnxBil has a valid point of view. And the bad guys do not go to your server by chance!!! They test you several times before the incident, ... to see ... "now let's see how this admin guy will react". After this initial phase (without any admin reaction), they decide that it will be OK to do some damage to your system, because ..... ;)
 
Very optimistic thinking to fix it yourself and hardly realizable depending on the hack itself.



...and you think running VMs on a compromised server and making money is wise? What if they already hacked your credit card db, injected stuff in your PayPal pipeline or installed malware in your software (assuming you're selling software). You have a situation you cannot control.

You're breaking so many forensics 101 rules ... but it's your server.
we don't work with credit card or other sensitive information.
- like I said, use a vpn to access your proxmox server, and then make the proxmox web-interface listen only for vpn connections
just had a meeting with my boss we will implement that for sure! thank you
Diego, @LnxBil has a valid point of view. And the bad guys do not go to your server by chance!!! They test you several times before the incident, ... to see ... "now let's see how this admin guy will react". After this initial phase (without any admin reaction), they decide that it will be OK to do some damage to your system, because ..... ;)
somewhere in the log i saw that we were added to a cluster (idk more information about it yet) but if that is the case maybe we are just a +1 zombie to be used in attacks since we don't get attacked they are using our servers to attack other IPs with DDoS etc etc
 
Also be aware that this public post could be read by the bad guys ;) Anyway, for such a case you must have a plan. If for example a bad guy makes ... then I will do this:

- replace my apache web server with other product
- ask a good and trusted admin friend to look at your config/setup ... different eyes can see different things ;)
- and so on ....
 
we don't get attacked they are using our servers to attack other IPs with DDoS etc

... because your server/services can initiate a new connection to the Internet. But the right path is for your server to respond only to the new connection! This is another big mistake.
Nobody is perfect (me included), but you must learn from these bad events.
 
i got the xxx.xxx.xxx.xxx for my host (proxmox)
and each container is running a different IP from fail over IPs yyy.yyy.yyy.aaa (i have 4 different containers running and running different IPs)

i don't think they did since internally we have a good security (i assume)

from the logs it gets suspicious when i see
Code:
Oct  9 04:09:09 ns3037493 systemd[1]: Stopping Proxmox VE firewall logger...
Oct  9 04:09:09 ns3037493 pvepw-logger[25692]: received terminate request (signal)
i've been searching for this pvepw-logger which i assume is proxmox password logger? but what does it do? why did it get called at this time? (4am i assume no one is in the office)

haven't read the full thread, but the "pvepw-logger" is just a typo in the code (fixed in git) - it is of course supposed to be "pvefw-logger", which is short for "Proxmox VE firewall logger". we have never and will never log passwords or anything like that.

this is a normal log entry if your host was shut down, or certain services got restarted (e.g., on upgrades, logrotate, ...).
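
As an added illustration of the reply above (not part of the original post and not Proxmox code): a small Python check that pairs each systemd "Stopping Proxmox VE firewall logger" entry with a following "Starting" entry, to tell a service restart apart from a stop that was never followed by a start. Only the first two sample lines come from the thread; the other log lines, the `classify_stops` name, the 60-second window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first two lines are the ones quoted in the thread,
# the remaining three are invented for illustration.
SAMPLE = """\
Oct  9 04:09:09 ns3037493 systemd[1]: Stopping Proxmox VE firewall logger...
Oct  9 04:09:09 ns3037493 pvepw-logger[25692]: received terminate request (signal)
Oct  9 04:09:10 ns3037493 systemd[1]: Starting Proxmox VE firewall logger...
Oct 10 13:22:41 ns3037493 systemd[1]: Stopping Proxmox VE firewall logger...
Oct 10 13:22:41 ns3037493 pvefw-logger[31877]: received terminate request (signal)
"""

# Match on the systemd unit description so both the old "pvepw-logger" tag
# (the typo) and the corrected "pvefw-logger" tag are covered.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ systemd\[1\]: "
                  r"(Stopping|Starting) Proxmox VE firewall logger")


def classify_stops(log_text, year=2024, window=timedelta(seconds=60)):
    """Return [(stop_time, verdict)] for every firewall-logger stop.

    Syslog timestamps carry no year, so `year` is an assumption supplied by
    the caller. Lines are assumed to be in chronological order.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))

    results = []
    for i, (ts, kind) in enumerate(events):
        if kind != "Stopping":
            continue
        nxt = events[i + 1] if i + 1 < len(events) else None
        restarted = (nxt is not None and nxt[1] == "Starting"
                     and nxt[0] - ts <= window)
        # A stop with no start inside the window is not proof of tampering
        # (a host shutdown looks the same); it marks an entry to review.
        results.append((ts, "restart" if restarted else "stopped-no-restart"))
    return results


if __name__ == "__main__":
    for when, verdict in classify_stops(SAMPLE):
        print(when.strftime("%b %d %H:%M:%S"), verdict)
```

Entries reported as `stopped-no-restart` are the ones to line up against reboot records and the package manager's upgrade history.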
 
haven't read the full thread, but the "pvepw-logger" is just a typo in the code (fixed in git) - it is of course supposed to be "pvefw-logger", which is short for "Proxmox VE firewall logger". we have never and will never log passwords or anything like that.

this is a normal log entry if your host was shut down, or certain services got restarted (e.g., on upgrades, logrotate, ...).
thank you for clarifying