Got an abuse warning from Hetzner this morning, that my server was portscanning. It was all from ipfs, so I did some digging. Turns out it's a known issue. I killed the process, then rm -rf ~/.ipfs, then ipfs init --profile=server.

To be on the safe side, I also ran as root:

ip rule add blackhole 10/8
ip rule add blackhole 192.168/16
ip rule add blackhole 172.16/12
ip rule add blackhole 169.254/16

That covers all the RFC1918 and link-local ipv4 addresses Hetzner was watching. If they watch ipv6 as well I may need to attend to that too. If you're running IPFS, you may want to watch out for this.

Back to blog or home page

last updated 2020-11-29 10:16:13. served from tektonic.jcomeau.com