Hetzner Abuse Report

Cryptids

#1
Hi, does anyone use Hetzner? I’ve received an abuse report as detailed below. Wondering what I should do?



Dear Mr X

We received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.

Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.

Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact certbund@bsi.bund.de and keep the
ticket number of the original report [Cloud-Report#...] in the subject line.
Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the
reports and messages sent to this address will not be read.

Kind regards

Abuse team

On 11 Apr 13:18, reports@reports.cert-bund.de wrote:
> Dear Sir or Madam,
>
> the Simple Service Discovery Protocol (SSDP) is a network protocol
> for advertisement and discovery of network services and presence
> information. SSDP is the basis of the discovery protocol of
> Universal Plug and Play (UPnP). SSDP uses port 1900/udp.
>
> Over the past months, systems responding to SSDP requests from
> anywhere on the Internet have been increasingly abused for DDoS
> reflection attacks against third parties.
>
> Affected systems on your network:
>
> Format: ASN | IP | Timestamp (UTC) | Ssdp server
> 24940 | | 2018-04-10 09:05:48 | UPnP/1.0 DLNADOC/1.50 Platinum/1.0.5.13
>
> We would like to ask you to check this issue and take appropriate
> steps to secure the SSDP services on the affected systems or
> notify your customers accordingly.
>
> If you have recently solved the issue but received this notification
> again, please note the timestamp included below. You should not
> receive any further notifications with timestamps after the issue
> has been solved.
>
> Additional information on this notification, advice on how to fix
> reported issues and answers to frequently asked questions:
> <https://reports.cert-bund.de/en/>
>
> This message is digitally signed using PGP.
> Information on the signature key is available at:
> <https://reports.cert-bund.de/en/digital-signature>
>
> Please note:
> This is an automatically generated message. Replies to the
> sender address <reports@reports.cert-bund.de> will NOT be read
> but silently be discarded. In case of questions, please contact
> <certbund@bsi.bund.de> and keep the ticket number [Cloud-Report#...]
> of this message in the subject line.
>
> !! Please make sure to consult our HOWTOs and FAQ available at
> !! <https://reports.cert-bund.de/en/> first.
>
>
>
> Mit freundlichen Grüßen / Kind regards
> Team CERT-Bund
>
> Bundesamt für Sicherheit in der Informationstechnik
> Federal Office for Information Security (BSI)
> Referat CK22 - CERT-Bund
> Godesberger Allee 185-189, 53175 Bonn, Germany
 

Miguel

#2
Remove port 1900 from the Plex container, or look to see if there's a setting within Plex to disable UPnP.
 

Cryptids

#3
I disabled DLNA and GDM on Plex just now. Not sure how to remove that port, but I'm a newbie to it all.
 

Miguel

#4
Install Portainer through PlexGuide.
Access Portainer through port 9000 or sudo main.
Set up your user, connect locally.
Click containers, locate the Plex container.
Click edit, find the bit that says port 1900, press the delete button and then press deploy on the Plex container.
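
A way to confirm from the command line that no container still publishes 1900/udp after the change above. This is an added example, not part of the original thread; the function names, container names and sample port listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list containers that publish SSDP (1900/udp) on a
# non-loopback host address.
# Input on stdin: "<name><TAB><ports>" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

ssdp_exposed() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Published mappings look like "host:port->port/proto".
            if (m !~ /->/ || m !~ /\/udp$/) continue
            host = m;    sub(/->.*/, "", host)      # "0.0.0.0:1900", ":::1900"
            port = host; sub(/.*:/, "", port)       # host port or port range
            addr = host; sub(/:[^:]*$/, "", addr)   # host bind address
            # Loopback-only bindings are not reachable from the Internet.
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
            lo = port; hi = port
            if (port ~ /-/) { split(port, r, "-"); lo = r[1]; hi = r[2] }
            if (lo + 0 <= 1900 && 1900 <= hi + 0) { print $1; break }
        }
    }'
}

# Constructed sample listing (names and ports are illustrative only).
sample_ps() {
    printf 'plex\t0.0.0.0:1900->1900/udp, 0.0.0.0:32400->32400/tcp\n'
    printf 'portainer\t0.0.0.0:9000->9000/tcp\n'
    printf 'emby\t127.0.0.1:1900->1900/udp, 0.0.0.0:8096->8096/tcp\n'
    printf 'sonarr\t8989/tcp\n'
}

# Real use on the Docker host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | ssdp_exposed
sample_ps | ssdp_exposed   # prints: plex
```

Containers started with host networking have no port mappings in this listing, so also check the host's listening UDP sockets, for example with `ss -lun`.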
 

Cryptids

#5
I’ve done that action. Thanks for your help.
 

Cryptids

#7
Learning every day with it.
 

Spoonsy1480

#8
Thank you, as I got the same notice. I'm the same, learning something new every day and loving it.
 

malphas

#9
Emby caused the same problem for me as I forgot to disable the DLNA/Blast alive messages.

After you've fixed it, reply saying that you've resolved the issue. That should be the last you hear of it.
 

mixedvadude

#10
Yup, I got the same email this morning as well. I was about to do the same thing, disable port 1900. I'm glad others here verified that's the right thing to do.
 

boganslayer

#11
> Install Portainer through PlexGuide.
> Access Portainer through port 9000 or sudo main.
> Set up your user, connect locally.
> Click containers, locate the Plex container.
> Click edit, find the bit that says port 1900, press the delete button and then press deploy on the Plex container.

Sorry to bring back alive an old thread, but I just got one of these and this is still the correct thing to do?
 
