How to block unwanted outbound traffic from your containers
A few months ago, I was woken up by the sound of my server’s fans screaming. It wasn’t a spike in traffic or a scheduled backup. It was a crypto-miner. Thanks to a Remote Code Execution (RCE) vulnerability in Umami, someone had managed to turn my analytics server into a very inefficient Monero farm. I got lucky. The hacker was loud. I killed the container within minutes, and at ~10 kH/s they would have earned roughly 10 cents a day. Hardly worth the risk of being found and sued. But it left me with a cold realization: If they had been smart, they wouldn’t have mined crypto. They would have quietly exfiltrated my database. ...