Not properly a bug, but not sure how to proceed.
I randomly stumbled upon a config. page of a pi-hole server. There is no password, no admin email recorded in http://pi.hole/admin/settings.php?tab=api. The url just points to the pi-hole admin page, and the server does not seem to host any other webpage: how can I notify the maintainer / owner of that instance that something is probably off in their configuration file?
I can access all the features of the panel by simply entering the url…
This is a tricky question.
Potentially, they are running an open resolver, too (if no firewall is in place to prevent access to their IP on port 53). This is a threat to the global DNS infrastructure.
If there are really not contact details, you could try to use a whois database. Depending on the domain used and the registrar the whois record might provide an email address.
I personally would also do the following:
Add a "special" regex that will trigger the diagnosis message, like
And shut down their system. They will start wondering why it's not running anymore, restart the system and might look at the Pi-hole dashboard seeing this message.
Hi,
I'm sorry, I don't know how to add such a special regexp. Could you point to a tutorial or some documentation? I've never played with custom regexp on my pi hole....
Thanks a lot!
Goto "Blacklist", choose "RegEx filter". Add
~~~open_resolve~~~;see:https://discourse.pi-hole.net/t/notify-admin-of-public-pi-hole-installation/50619
as Regular Expression. Click "Add to Blacklist"
Ok, thanks a lot. I have done it, restarted their server twice, but they still have not taken any action.
I'll leave it be, hoping that nobody will cause too much damage to their server…
You can judge by the amount of queries and unique clients they have. I would consider everything above 150 clients suspicious.
It seems pretty well-preserved so far: reasonable number of queries / clients, and they actually updated it after I discovered it.
I have shut it down twice, disabled it, but no reaction so far. I give up, left the "warning regexp" you generously wrote for me (that indeed shows as a warning on the panel), and hope they'll take note some day.
Thanks again in any case!
Clément.
Thanks for your effort.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
