Change default postgres credentials or bind only to localhost

Hi, I ended up getting hacked because of running the QuantRocket stack whilst accidentally having a Postgres port exposed to the internet.

They ended up installing a crypto miner on my box; it's a pretty well-known attack vector.

In order to mitigate this, I would suggest that containers except the julter one don't bind to a publicly accessible IP address, or that the default Postgres credentials be changed.

Thanks!

Thanks for reporting this. To clarify: in the default QuantRocket stack, the only public-facing service is the houston container (the API gateway). In cloud deployments this is published on port 443. In local deployments port 80 is published to the host, but it is not reachable from the internet unless you configure port forwarding on your home network. The Postgres service is not exposed to the host or the internet by default; it’s only accessible on the internal Docker network to other QuantRocket containers.

Your description makes me wonder if something in your setup may have inadvertently opened Postgres to the outside. For example:

  • adding a ports: stanza such as 5432:5432 in a local override of docker-compose.yml
  • running the container with --network host
  • or opening firewall / security group rules for port 5432

Can you share any details about how you launched the stack (custom overrides, cloud provider firewall settings, etc.)? That would help me understand what led to Postgres being reachable, and whether there are any changes I should make or warnings I should add to reduce the chance of this happening to others.
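As an added illustration of the first bullet above (example configuration written for this thread, not QuantRocket's own compose file; the service name `postgres` and the override file name are assumptions), this shows the risky mapping beside a loopback-only one:

```yaml
# docker-compose.override.yml (constructed example; service name assumed)
#
# RISKY: a host-port mapping with no IP address binds on 0.0.0.0, so every
# host interface, including a public one, forwards to the database. This is
# the kind of local override that turns an internal-only service into an
# internet-facing one:
#
# services:
#   postgres:
#     ports:
#       - "5432:5432"
#
# SAFER: publish nothing at all if only other containers need the database
# (they reach it by service name on the internal Docker network). If a local
# SQL client on the host really needs it, bind the published port to the
# loopback interface only:
services:
  postgres:
    ports:
      - "127.0.0.1:5432:5432"
```

After recreating the container, `docker port <container>` should report `127.0.0.1:5432` rather than `0.0.0.0:5432`, and `ss -ltn` on the host should show 5432 listening on 127.0.0.1 only.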