Server Traccar Problems Spam or Atack

ubiratan.lima5 years ago

Hello,
I asked an acquaintance to install the traccar on a CONTABO VPS. He unhitched and indicated the VPSDIME to me, well, I did the hiring, and I can't work because the VPS DIME always accuses the system of attacking others or doing spam. See in the link below what VPSDIME informs you about the server where you only have TRACCAR.

https://vpsdime.com/dimewatch7.php?uuid=af79169b-f697-406b-b228-fa7e748b016d

Someone can help to verify what is really happening, as it is already the third installation with the same problem.

I don't know if I'm being something of bad intentions people stealing information.

Anton Tananaev5 years ago

Just close the ports that you don't use.

Slawek5 years ago

is something wrong, your serwer try to connect with someone in china over and over again

ipv4     2 tcp      6 118 SYN_SENT src=104.237.10.41 dst=103.88.35.38 sport=37343 dport=80 [UNREPLIED] src=103.88.35.38 dst=104.237.10.41 sport=80 dport=37343 mark=0 zone=0 use=2
Saqib5 years ago

Anton, to close the ports, we just need remove the ports from default config files and thats it?

Slawek5 years ago

my advice is, make new serwer

install traccar
run firewall and configure it

ufw firewall is easy

sudo apt-get install ufw

open ports

ssh
sudo ufw allow 22/tcp

http port
sudo ufw allow 80/tcp

traccar default web port
sudo ufw allow 8082/tcp

traccar track device like android gps
sudo ufw allow 5055/tcp

traccar devices witch use port 5001 (if you have)
sudo ufw allow 5001/tcp

sudo ufw enable

ubiratan.lima5 years ago

Thank you all. I will configure the firewall and block all other ports.

Slawek5 years ago

make strong password for root

ubiratan.lima5 years ago

Perfect. Apparently the problem in the VPS is controlled.
We'll see how long ... hopefully definitely ...

Thank you all.

Massimo5 years ago

Pay attention, use fail2ban or similar software for sshd.
My contabo vpn is daily under attack, from chinese’s ip addresses.
You only need to open 8082 (web gui), 5055 (for mobile traccar client), your device/protocol port and ssh port (i suggest you to readdress 22 to something else, in sshd config, and use strong password/certificate).

ubiratan.lima5 years ago

Thanks Massimo, well done. \o/, Its Work

Aris Manessis2 years ago

Hey Massimo, is there any chance you can share with us your fail2ban filter file for traccar webserver just "not to reinvent the wheel?" Thank you very much!

Massimo2 years ago

Aris, my suggesion are:

  1. use SSH with keys;
    1a) change default 22 to something highter
  2. Fail2ban has standard setting, i've just set longer bantime

Then look at https://github.com/traccar/traccar/issues/1554#issuecomment-160571648