
I was hacked one single time in my entire 25-year-long career. Someone hacked a bind server I was running and installed some sort of bot node. That was in the '90s.


The Pi-hole I was running on a Raspberry Pi got hacked. I only noticed the traffic when something unusual showed up on my node app console.


Was the Pi running public-facing services? How did this occur?


No, it was internal-facing, behind a cable router. There must have been some vulnerability in the Pi-hole or OS. They breached the router.


That feels weird somehow. I highly doubt PiHole is the culprit. If you're only using it internal to your LAN for DNS there is no way someone from outside can touch it. You most likely have other, bigger problems with your network (perhaps the WiFi password was discovered by someone, or you're exposing other vulnerable services to the web directly).


Actually, there are several ways, XSS for example.

But I agree that there's something else that's not OK. A compromised client (probably a computer) or a compromised router are my guesses.


Agreed, I managed to achieve this by port forwarding port 53 in my router settings. This allows hackers to enlist you in their DNS amplification attacks so please never do this.


Yikes. As much as I want to look into PiVPN, things like this give me pause.


Wireguard is the only service that I bother to expose.

It's stealth and has mitigations for DoS attacks.


Do you have a good guide for this? I sort of grok that the Pi (server) setup is different from the devices (clients) that will use it, but it’s always good to check assumptions.

I already run PiHole, but I might run this on a different box just to keep things simple.

Also, last I checked, port 51820 is reasonably well known; is it safe to use this default when forwarding traffic?


To be fair, that was probably due to something other than the DNS stack. For example, I assume the web interface downloads countless dependencies from a third-party repo (such as npmjs), any of which could have been the victim of a hostile takeover.

DNS is nowadays very robust and secure, and if you have unattended-upgrades configured there's literally zero reason to be frightened by DNS.


To be fair, that pretty much describes every daemon from the '90s, and the Linux kernel itself.



