Pi-hole Getting Spammed by Random IPs

Hello, my Pi-hole instance keeps getting spammed by random IPs on the internet with domains like

version.bind
sl

and a bunch of random .gov websites, and I think it's a DNS amplification attack. I was wondering if you guys could add a feature to the web interface that allows you to block IPs from connecting to your Pi-hole server via iptables. I wrote a small Bash script that takes my input, which is an IP address, and uses iptables to block that IP from connecting to me. It would be cool if you guys could make this configuration into a GUI like the domain blacklist section in the web interface, but for IPs for iptables to block. Anyway, here's my script:

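#!/bin/bash

# Drop all inbound traffic from the IP address given as the first argument.
iptables -A INPUT -s "$1" -j DROP
# Keep a record of the blocked address.
echo "$1" >> iplist.txt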

It's important to establish what's going on. If your Pi-hole is open to the public it will be quickly detected and abused as you describe. You should take it offline immediately. Amplification attacks often involve lots of query types of ANY which you will see on the Dashboard.

You can run Pi-hole on a remote server if you ensure the server is secure with authenticated access, e.g. using SSH, that it is firewalled off as needed, and that you are using a VPN to create a virtual network to the server so that only you can access it over that.
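
To establish what is going on, as the reply above suggests, the query log can be tallied by client address to show how much traffic comes from outside the LAN and how much of it is of type ANY. This is an added example, not code from the thread or from the Pi-hole project; it assumes dnsmasq-style `query[TYPE] name from client` log lines and a typical private-address LAN, and the sample lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter

# Networks treated as "local" (assumption: private LAN ranges plus loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# dnsmasq-style query line: "... query[TYPE] name from client"
QUERY_RE = re.compile(r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)")

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:01 dnsmasq[812]: query[A] example.com from 192.168.1.20
Mar  3 10:00:02 dnsmasq[812]: query[TXT] version.bind from 203.0.113.7
Mar  3 10:00:02 dnsmasq[812]: query[ANY] sl from 198.51.100.23
Mar  3 10:00:03 dnsmasq[812]: query[ANY] sl from 198.51.100.23
Mar  3 10:00:03 dnsmasq[812]: forwarded example.com to 9.9.9.9
Mar  3 10:00:04 dnsmasq[812]: query[AAAA] example.org from fe80::1c2d:3eff:fe4f:5a6b
"""

def external_queries(log_text):
    """Return (query count, ANY-query count) per non-local client address."""
    total, any_q = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and cache hits are not queries
        try:
            addr = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # malformed client field, skip the line
        if any(addr in net for net in LOCAL_NETS):
            continue  # expected LAN client
        total[m["client"]] += 1
        if m["qtype"] == "ANY":
            any_q[m["client"]] += 1
    return total, any_q

if __name__ == "__main__":
    total, any_q = external_queries(SAMPLE_LOG)
    for client, n in total.most_common():
        print(f"{client}: {n} queries, {any_q[client]} of type ANY")
```

Any non-empty result means the resolver is answering clients outside the listed local ranges.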

My non-technical, religionish nana uses it, so I can't do anything with VPN, and only port 53 is exposed out.

If your Pi-hole is receiving traffic from remote public IP addresses, you would have turned it into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

Why don't you guys, though? Pi-hole's entire thing is to block domains on a DNS level. Why wouldn't you guys want to find ways to protect it as an open resolver?

I'm gonna find a way to add extra protection to Pi-hole as an open resolver and post it on GitHub at vulncatic.

That is the port that is exposing your Pi-hole to the entire internet, resulting in the queries you see in your log.

Pi-hole is designed to be operated on your private LAN, not exposed to the internet. The large commercial providers (Google, Cloudflare, etc.) have many layers of protection against DDoS misuse, and a home user won't have this.

Good luck with this.

You already find that in Pi-hole's documentation.

As mentioned by chrislph, the recommended way to run a cloud-based Pi-hole is via VPN, granting you secure, authenticated access. The guides available at Guides > DNS in Pi-hole's documentation have quite a few helpful suggestions on how to achieve that.
