Deluge-web RPI Security

General support for problems installing or using Deluge
therahmaniac
New User
Posts: 4
Joined: Sat Jun 25, 2016 1:13 pm
OS or Distro: Debian

Deluge-web RPI Security

Postby therahmaniac » Sat Jun 25, 2016 1:15 pm

I have an RPI3 with the Deluge daemon running 24/7. I connect from my other PCs and mobile to the RPI daemon (within the home network) and things were fine. I decided to go for dynamic DNS, chose duckdns and exposed deluge-web onto the internet. My deluge web password is pretty decent. But there was a snooper who had got in, crossed the password and messed up my Deluge settings badly. I still have no trace (don't know how to) to identify this notorious person.
Has anyone faced anything similar / know how a person could do that? What are ways to prevent such attacks specifically?
Is there any way other than passwords that's used to identify a client connecting to deluge web from the internet?

gderf
Leecher
Posts: 88
Joined: Sat Jun 18, 2016 1:32 am
OS or Distro: Debian Linux

Re: Deluge-web RPI Security

Postby gderf » Sat Jun 25, 2016 1:43 pm

I would look into ssh tunneling exposed on a non-standard port using public/private keys instead of passwords.

therahmaniac
New User
Posts: 4
Joined: Sat Jun 25, 2016 1:13 pm
OS or Distro: Debian

Re: Deluge-web RPI Security

Postby therahmaniac » Sun Jun 26, 2016 2:35 am

I primarily use the web UI from a PC (Windows) and mobile (Android). If I do ssh tunneling, would I still be able to use the web UI from these? Also, is it possible to set up ssh tunneling as the only way of accessing the web UI? Based on some googling I found "TLS mutual authentication". Do you think it's useful/doable?

gderf
Leecher
Posts: 88
Joined: Sat Jun 18, 2016 1:32 am
OS or Distro: Debian Linux

Re: Deluge-web RPI Security

Postby gderf » Sun Jun 26, 2016 11:19 am

You can ssh tunnel anything that runs over TCP, and the webui runs over TCP.

I can't say what's possible over your Android phone as I do not know if an ssh tunnel application is available for it or not.

Do not expose the webui to the internet. It needs to only be reachable from the local machine. The tunnel connects to it there. This makes it reachable only via the tunnel.

TLS mutual authentication wouldn't hurt anything, but it probably doesn't add much to the protection if ssh tunnel is the only way in.
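A way to check the point made in the reply above, that the web UI should only be reachable from the local machine (an added example, not part of the thread): the function reads `ss -ltn` output and reports any listener on the web UI port that is not bound to loopback. Port 49181 is the web UI port the original poster reports using in this thread; the sample listener lines are constructed, and `USER@HOST` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the Deluge web UI port is
# bound to loopback only, so an SSH tunnel is the only way to reach it.

# Constructed sample of `ss -ltn` output: web UI on all interfaces (exposed).
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 *:49181 *:*'

# Constructed sample: web UI bound to loopback only (what the tunnel needs).
SAMPLE_LOCAL='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 127.0.0.1:49181 0.0.0.0:*'

# check_webui_binding PORT  (reads `ss -ltn` lines on stdin)
# Prints each non-loopback listener found on PORT.
# Exit status: 0 = loopback only, 1 = exposed, 2 = nothing listening on PORT.
check_webui_binding() {
    awk -v port="$1" '
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            seen = 1
            sub(/%.*/, "", addr)            # drop a "%iface" scope suffix
            if (addr !~ /^127\./ && addr != "[::1]" &&
                addr !~ /^\[::ffff:127\./) {
                print $4
                bad = 1
            }
        }
        END { exit (bad ? 1 : (seen ? 0 : 2)) }
    '
}

# On the Pi:      ss -ltn | check_webui_binding 49181
# From a client:  ssh -N -L 49181:127.0.0.1:49181 USER@HOST   (placeholders)
# then browse to 127.0.0.1:49181 on the client.
```

An exit status of 1 means the port is still listening on a routable address, so a firewall rule or a loopback-only bind is needed before relying on the tunnel.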

therahmaniac
New User
Posts: 4
Joined: Sat Jun 25, 2016 1:13 pm
OS or Distro: Debian

Re: Deluge-web RPI Security

Postby therahmaniac » Sun Jul 03, 2016 2:53 am

As I understand it:
1. I need to prevent deluge-web on its port being exposed directly to the web (maybe I will add some firewall rules for it).
2. Set up ssh tunnels, making it the only way to access deluge-web.
Please do correct me if I am wrong, and if there are any guides, do share! Thanks

therahmaniac
New User
Posts: 4
Joined: Sat Jun 25, 2016 1:13 pm
OS or Distro: Debian

Re: Deluge-web RPI Security

Postby therahmaniac » Mon Jul 18, 2016 1:13 am

I did some searching and wanted to make use of iptables to block traffic from the internet (I could establish the tunnel, thanks!). But I get the empty tracker error.
The ports I have configured for Deluge to use are 49161-49179.
* I tried a rigid firewall policy whose default INPUT policy is set to DROP. I am sure I have chosen to ACCEPT all TCP connections to the above ports. The test active port on Deluge also shows okay. But all torrents run into the empty tracker error.
* Next I chose to block only the web UI port that I am currently using (49181) from the web. Note: in this case the default INPUT policy is ACCEPT and not DROP. Even in this case Deluge errors out (empty message) on most torrents.
Any ideas? My version is 1.3.10.

kkmic
New User
Posts: 7
Joined: Tue Oct 20, 2015 10:08 am
OS or Distro: Raspbian

Re: Deluge-web RPI Security

Postby kkmic » Mon Aug 08, 2016 2:43 pm

You can install OpenVPN on your RPI (quite easily using http://www.pivpn.io/ - though it will take an hour or two). If you don't have a fixed IP address, keep using the duckdns service.
Create a user, copy its key to your phone and connect to the VPN using the OpenVPN Connect Android application.
Now you may connect to your Deluge WebUI using the local network address, like 192.168.0.15, without having to actually directly expose Deluge on the web.

Feriman
New User
Posts: 4
Joined: Mon Feb 05, 2018 9:50 am
OS or Distro: Raspbian

Re: Deluge-web RPI Security

Postby Feriman » Sat Feb 24, 2018 8:52 pm

Use fail2ban on the server side. I set this up and it works well.
