DuckDNS serious security problem

stevemann · October 20, 2022, 4:53am

I installed DuckDNS add-on months ago and I have no problem getting into my Home Assistant using mydns.duckdns.org:8123

Works great.

But, I discovered recently that mydns.duckdns.org without the port 8123, I am directed to my router at 192.168.1.1

Anyone who knows mydns could get into my router settings. Worse yet, I can’t change the admin password on the router. (I’ll take that up with Verizon- wish me luck).

I wonder if changing my router’s IP address might fix this, or would I be asking for other trouble?

frits1980 · October 20, 2022, 5:17am

This is not a duckdns problem. This is all a router problem.

Tamsy · October 20, 2022, 5:25am

Depending on your router brand/model access to the router’s config page from external can be restricted.

eggman · October 20, 2022, 5:25am

Just close down port 80 on your router (might be setting like allow remote admin), this should be the default. Otherwise you can get picked up by anyone port scanning.

That IP address isn’t routable on the internet, so I don’t see how any traffic could have been directed to it.

Tamsy · October 20, 2022, 5:28am

It’s coming through his public ip address. As bertie already pointed it out: Restrict remote admin with your router configuration.

stevemann · October 20, 2022, 5:44am

Thanks everyone- it’s safe now.

Poor wording of the question. I knew it was a router problem, but it only became evident when using my duckdns URL.

This fixed it. Thanks. Remote Admin was enabled.