Got an abuse warning from Hetzner this morning, that my server was portscanning. It was all from ipfs, so I did some digging. Turns out it's a known issue. I killed the process, then rm -rf ~/.ipfs, then ipfs init --profile=server.
To be on the safe side, I also ran as root:
ip rule add blackhole 10/8 ip rule add blackhole 192.168/16 ip rule add blackhole 172.16/12 ip rule add blackhole 169.254/16
That covers all the RFC1918 and link-local ipv4 addresses Hetzner was watching. If they watch ipv6 as well I may need to attend to that too. If you're running IPFS, you may want to watch out for this.
Back to blog or home page
last updated 2020-11-29 10:16:13. served from tektonic.jcomeau.com