Skip to main content

PrimeGrid

Syndikovať obsah PrimeGrid
Aktualizácie: pred 20 hod 54 min

Be careful with BOINC computers on the Internet

St, 07.08.2019 - 22:41
A lot of us use Cloud servers such as AWS, or make our home computers or our computers at work accessible on the Internet so we can control their BOINC clients remotely. I was looking through the logs of some Azure servers I have running BOINC, and saw this on one of them: 10316 8/7/2019 11:39:23 AM GUI RPC request from non-allowed address 2.0.25.129 10648 8/7/2019 1:09:27 PM GUI RPC request from non-allowed address 2.0.42.193 10649 8/7/2019 1:09:27 PM 256 connections rejected in last 10 minutes In fact, a similar address (somewhere in France, supposedly) tried to connect to the BOINC client on four of my BOINC machines. This has been happening since at least July. If the BOINC client on your computers is accessible from the Internet, I advise putting your specific IP address (or addresses) into remote_hosts.cfg rather than leaving it open to the world, or doing the same in a firewall (or both). And use a strong password. If you don't think this is important... anyone who successfully connects to the BOINC client on your computer can attach it to their own BOINC server, which can then send it tasks that can easily install malicious payloads such as key loggers, spam relays, DDOS bots, and other bad stuff. EDIT: If this is all Greek to you and you don't know what I'm talking about, you're probably not at risk. BOINC starts off with remote access disabled. You have to explicitly go and change configuration files to enable remote access, and probably modify your firewall as well. If you haven't done that, you're okay.
Kategórie: Novinky z projektov