Moqui Forum finally Online

michael · September 7, 2024, 10:04pm

Moqui forum is back online. Sorry for the delay.

jonesde · September 13, 2024, 4:02pm

Thank you @michael for taking care of this, and now for also taking over the hosting of the forum again.

For some background: a couple of weeks ago the server running moqui.org, demo.moqui.org, and forum.moqui.org was compromised and was flooding the internet with SSH probes (ports 22, 23, 2222 mostly). I rebuilt a new server and got it setup, and it was compromised after about 10 days (even with the latest updates for ubuntu 22.04).

The one oddity about the little server that may be a factor in this is that it was an Orange Pi 5, a little micro server. These are a cool idea in theory, low power but enough compute power and memory to handle these sites just fine. The problem in this case may be the software. OS images for these are downloaded and closed, not an installer and not standard linux by any means. It is possible to do a custom linux build with their patches for hardware support, and I may try that at some point with the 2 of these machines I have, but that is too much of a pain to be worth it… especially when I only have vague theories that this might help. It may also be that there is an SSH vulnerability still out there in various Ubuntu 22.04 variations, though much higher chance that this particular distro for this particular hardware is the issue (with bad configuration, old packages, or even malicious code).

Anyway, there’s the story, for what it’s worth. Now moqui.org and demo.moqui.org are running on a Hetzner server that I am managing, and forum.moqui.org is running on another Hetzner server that Michael is managing.

chunlinyao · September 16, 2024, 1:31pm

Thank you, @Michael, for managing the forum server. It seems the new server is blocking some IP addresses from China, as I can’t access forum.moqui.org directly.

michael · September 16, 2024, 8:20pm

Can you private message me a traceroute of accessing the Moqui server? I couldn’t find anything on why hetzner would block chinese IPs

newmannhu · October 9, 2024, 1:47pm

I still can’t access Forum from ShangHai directly. What is the matter?

michael · October 9, 2024, 8:47pm

@chunlinyao was able to get it to work not through ipv4 but the ipv6 address:

[user@dellxps15 ~]$ dig forum.moqui.org A +short
5.78.100.43
[user@dellxps15 ~]$ dig forum.moqui.org AAAA +short
2a01:4ff:1f0:910e::1

Maybe you can force your browser to use ipv6 for forum.moqui.org.