proxmox hacked

Maher Khalil

Member
Jul 11, 2021
I have Proxmox with several KVM-based VMs sold to customers.
I noticed that a TCP connection using my Proxmox server is trying to connect to one of my other servers, and of course it is getting blocked by fail2ban.
My question:
How can clients of a VM access the Proxmox host?
Does that mean Proxmox is not safe?
 
It is a normal installation. I think Proxmox should isolate the VM from the server, right?
Should I do something else?
 
 
What I want to understand is how a user of a KVM machine can access the server. Proxmox should ensure that it couldn't happen, right?
 
Are your VMs/containers on a separate bridge or does your Proxmox host also have an IP address on the same bridge? Are those bridges on separate network controllers or VLANs?
Once in a while there are reports about VMs that can compromise the host by using security bugs in QEMU or the KVM drivers.
 
I already stopped and removed containers a long time ago to avoid security issues.
The Proxmox host does not have an IP in the bridges; I have 2 subsets, each one in a separate bridge.
If a VM can access the host, does that mean it is not for production?
 
Please explain what you mean by subsets. Unless the networks are physically separated (or VLANs) and connected only via a properly configured firewall, the VMs can (try to) connect to Proxmox host(s) via the network.
 
While creating a VM, I select the bridge and add a network card, and I expect Proxmox to do the isolation.
The VM (CPU, memory, disk) are isolated but if your networks are connected, they can still attack the host via the network. A virtual machine connected to a network is in that respect no different from a physical machine connected to that network. Use proper network isolation just as you would with physical machines.
 
Networking like this is a bit beyond me too. I recommend Two Factor Auth if you can't isolate them on a different subnet/network that can't talk with your PVE host.
And if they're escaping the VM/QEMU, there's other problems...
 
So what is the suggestion to isolate them from the host?
I do not know much about bridges, but either do TFA on the PVE host for better password security, or get a new network switch with firewall capabilities to block traffic from all IPs except XYZ, get the VMs on a different network switch, or tweak around with Proxmox bridges and firewall.
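
The question asked earlier in the thread, whether the Proxmox host has an IP address on the same bridge as the VMs, can be checked from the host's `/etc/network/interfaces`. The following is an added example, not part of any post in this thread: it parses a constructed ifupdown sample (the addresses, interface names and function names are assumptions) and reports bridges where the host holds an address and whether a given guest address falls in the same subnet.

```python
import ipaddress

# Constructed sample in Debian ifupdown format (not from the thread).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
"""

def host_networks_per_bridge(text):
    """Return {bridge: [networks in which the host itself holds an address]}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {"nets": [], "bridge": False})
        elif current is None:
            continue
        elif words[0] in ("bridge-ports", "bridge_ports"):
            current["bridge"] = True
        elif words[0] == "address" and len(words) > 1:
            current["nets"].append(ipaddress.ip_interface(words[1]).network)
    return {name: s["nets"] for name, s in stanzas.items() if s["bridge"]}

def bridges_with_host_ip(text):
    """Bridges where guests share a layer-2 segment with a host address."""
    return sorted(b for b, nets in host_networks_per_bridge(text).items() if nets)

def bridges_sharing_subnet(text, guest_ip):
    """Bridges whose host subnet contains the given guest address."""
    ip = ipaddress.ip_address(guest_ip)
    return sorted(b for b, nets in host_networks_per_bridge(text).items()
                  if any(ip in n for n in nets))

if __name__ == "__main__":
    print("host has an IP on:", bridges_with_host_ip(SAMPLE))
    print("192.0.2.77 shares a subnet with the host on:",
          bridges_sharing_subnet(SAMPLE, "192.0.2.77"))
```

An empty result only rules out direct adjacency on a bridge; a host address that guests can reach through a router is not detected and still needs a firewall in between.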
 
