Hi,
I have been hacked recently. Annoyingly because I forgot to reset the pi password for the pihole 
Because of that I am firewalling everything in my network. Can someone tell me what porst are required for pihole to work correctly and than mainly the updates... I realise SSH and DNS is needed, and 80 for the browser, but what protocols does pihole use for updating? The gui does not know everything at the moment. IN the bottom it says:
Pi-hole Version N/A Web Interface Version N/A FTL Version N/A
Please advice.
Best regards, Peter
(oh, yeah, I DID reset the pi password this time 
)
On what do you base that statement? The typical use case for pi-hole is to run on an internal server (internal=not web-facing). Unless someone hacked you from within, I doubt pi-hole was the vector.
Based on the fact I forwarded ssh traffic to that pi from the internet. Add that to the default password and you get the most obvious problem. Also I am not blaming pihole, but the pi running pihole. But that was not the question, just an explanation why I am firewalling everything.
No wonder then 
- You don't need to firewall everything in your internal network. Also not after such an experience as long as do two things:
1.1. you don't forward any ports (except when you have a VPN then the port for this one) and by this slam the door for any hacker
1.2. (I guess that is obvious) you nuke the SD card that was in the Pi and start from scratch as they could have installed whatever they wanted on this machines - the required ports are (as you already mentioned): 53 and 80 for INPUT, 53, 80 and 443 for OUTPUT as well as 4711 for IN-/OUTPUT (but only thorough device
lo)
1 Like
If you are using ufw then you only need to block incoming ports. Outgoing pass through ufw's configuration without a problem. So block everything but what you need to access the Pi remotely. (If that's SSH and the web interface, that would be 22 and 80.) Most of the traffic is internal from the Pi-hole to your network. The big one is that SSH port with the default pi/raspberry combo that every bot in the world will try to access. You can try moving the SSH port off 22 and to another port so that most bots will fail to gain access unless they do a full port scan. The best option is to set up a VPN between the outside world and the Pi-hole and access the ssh port only through the VPN.
The type of damage a 5mm drill bit can do to microsd is awesome
Thanx, that's what I needed to know.
I had a look at ufw, but it seems to limited for me. Certainly now, I like to see what I do. The iptables rules are terrible to read, but straight forward if you understand them.
The outside port for ssh was ludicrous high, but a bot is patient and will just find it a few seconds later. Right now, I only want to allow incoming ssh from my internal network. I really do not have the need to access the pihole from remote. Thanx all for the answers.
Best regards, Peter
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.