Securing public exposed LoRa App Server instances

VikhyatChandra · October 31, 2017, 7:03am

Hi brocaar I have gone through your git hub issue regarding the same topic and keeping those points in mind we have accessed the web interface with https and we haven’t made and client API requests yet. So when i’m sending the packet from gateway side I see three consecutive JSON_UP’s of the same packet sent in the gateway logs and i’m not receiving any JSON_down. This was working perfectly with the other server configuration. Although for the newly constructed Server i am receiving the error of TLS Handshake(Also both the servers are using the same gateway)Here are the logs of lora-app-server

Oct 31 06:39:21 ubuntu-2gb-blr1-01 lora-app-server[24044]: 2017/10/31 06:39:21 http: TLS handshake error from 123.249.27.191:39390: tls: first record does not look like a TLS handshake
Oct 31 06:46:17 ubuntu-2gb-blr1-01 lora-app-server[24044]: 2017/10/31 06:46:17 http: TLS handshake error from 204.44.65.4:44721: tls: first record does not look like a TLS handshake
Oct 31 06:46:22 ubuntu-2gb-blr1-01 lora-app-server[24044]: 2017/10/31 06:46:22 http: TLS handshake error from 204.44.65.4:45341: tls: first record does not look like a TLS handshake
Oct 31 06:46:23 ubuntu-2gb-blr1-01 lora-app-server[24044]: 2017/10/31 06:46:23 http: TLS handshake error from 204.44.65.4:45387: tls: first record does not look like a TLS handshake

glederer007 · October 31, 2017, 8:10am

Your server is being “touched” from supposedly malicious IP-s: https://www.abuseipdb.com/check/204.44.65.4 . Check all these IP-s…

weffel · October 31, 2017, 8:44am

Is this something one should take action for to prevent it? If so, what could one do to block these attempts? Or is this not harmful in any way and should one just ignore it?

brocaar · October 31, 2017, 9:33am

You could setup firewall rules See for example: https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands.

VikhyatChandra · October 31, 2017, 3:59pm

Hey guys to overcome the security factor i have configured the loraserver in aws environment. I Accessed the web GUI of the server.

Also in the web interface i see this error message:
Error type mismatch, parameter: id, error: strconv.ParseInt: parsing “undefined”: invalid syntax (code: 3)
I am really stuck and freaking out now. I have been using LoRa server for months now but never encountered this problem.Is there anything different in the subsequent releases?.

glederer007 · October 31, 2017, 9:30pm

Have you set up the firewall rules as Brocaar suggested? From your screenshot it seems that you get port scans from IP 106.51.21.154.

brocaar · November 1, 2017, 8:14am

An other suggestion, install fail2ban. By default it will block recurring failed ssh logins out of the box temporarily in iptables, but I think you can set it up to scan other logs too.