I know, I know, clickbaity title but in a way it did. It also brought in the situation in the first place but I’m just going to deliberately ignore that. Quick recap:

  1. I came home at 3pm from the city, my internet at home didnt work.
  2. checked multiple devices, phones worked out of wifi, I figured I need to restart the router
  3. I login to the router and it responds totally normal but my local network doesnt. (Its always dns, I know)
  4. I check the router log and see 100s of login attempts over the past couple of days.
  5. I panic and pull the plug, try to get into my server by installing an old monitor, works, many errors about dns
  6. Wife googles with her phone, seems I had https login from outside on and someone found the correct port, its disabled now
  7. Obviously, local network still down, I replug everything and ssh into the server which runs pihole as dns
  8. pihole wont start dns, whatever I do
  9. I use history and find I "chmod 700"ed the dns mask directory instead of putting it in a docker volume…
  10. I check the pihole.log, nothing
  11. I check the FTL log, there is the issue
  12. I return it to 777, everything is hunky dory again.

Now I feel very stupid but I found a very dangerous mistake by having my lan fail due to a less dangerous mistake so I’ll take this as a win.

Thanks for reading and have a good day! I hope this helps someone at some day.

  • haui@lemmy.giftedmc.comOP
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    25
    ·
    8 months ago

    Yeah, I dont feel like setting up a whole cloud infrastructure on a hunch. I‘m running like 15 different services and they are all compartmentalized. It would take weeks to reset all this. So far nobody got anywhere from what I can see.

      • haui@lemmy.giftedmc.comOP
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        7
        ·
        8 months ago

        Wow, a lot of people would set up a new server because of intrusion attempts in a log i guess. If I did that in a job I‘d get fired for doing nothing else but resetting everything every week.

        As an admin, you have to keep the CTO from using „master“ or „admin“ as the ssh password on a production server. Just so you know what level of stupidity makes the big bucks out there.

        • prettybunnys@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          As an admin I’d question why the CTO has a login on a production server.

          You would do well listening more when you ask for advice.

          • lando55@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 months ago

            For Chiefly reasons of course. Now whether or not that server is active in the cluster is another matter entirely, but hey if it makes him/her feel important /shrug