Traccar log shows hacker attack - something that I should be aware off?

smalloak673 years ago

Today I found in my logs the following entries:

2021-07-25 04:43:00  INFO: [71975285] connected
2021-07-25 04:43:01  INFO: [71975285] disconnected
2021-07-25 04:43:01  INFO: [60e50a3c] connected
2021-07-25 04:43:01  INFO: [60e50a3c: tlt2h < 172.17.0.1] HEX: 1603000069010000650303551ca7e472616e646f6d3172616e646f6d3272616e646f6d3372616e646f6d3400000c002f000a00130039000400ff01000030000d002c002a000100030002060106030602020102030202030103030302040104030402010101030102050105030502
2021-07-25 04:43:03  INFO: [60e50a3c] disconnected
...
2021-07-25 04:46:53  INFO: [3369fc8a] connected
2021-07-25 04:46:53  INFO: [3369fc8a: tlt2h < 172.17.0.1] HEX: 3c204e54502f312e32203e0a
2021-07-25 04:46:55  INFO: [3369fc8a] disconnected
2021-07-25 05:47:11  INFO: [91af7c29] connected
2021-07-25 05:47:11  INFO: [91af7c29: osmand < 172.17.0.1] HEX: 0300002f2ae00000000000436f6f6b69653a206d737473686173683d41646d696e697374720d0a0100080003000000
2021-07-25 05:47:11  INFO: [91af7c29: osmand > 172.17.0.1] HEX: 485454502f312e31203430302042616420526571756573740d0a636f6e74656e742d6c656e6774683a20300d0a0d0a
2021-07-25 05:47:11  INFO: [91af7c29] disconnected

I'm sure that I'm not alone and that this is not the first time someone tries to compromise a traccar installation.

I'm running traccar (4.12) on a Synology NAS inside a docker container.

Is there a vulnaribility known which was or could have been used?

Is there anything that I could or should check? Any other hint?

Anton Tananaev3 years ago

That's normal if your server is exposed to the internet. I would recommend closing ports that you don't use.

smalloak673 years ago

Thanks for your reply. Only needed ports are open.
Are there any known issues with traccar?

Anton Tananaev3 years ago

You mean security issues? No, as long as you are using the latest version.