FlightAware Discussions

Piaware exposed to the internet

For those of you who have exposed your PiAware to the external internet, I am finding someone from so-net.ne.jp pounding on my site. They are downloading aircraft.json every few seconds. There is no http-Referer so that means they are not coming in via my website but rather, just trying to suck the flight tracking data. I’m near CYYZ so the site is fairly busy. Maybe that’s the attraction. Anyway, I blocked the entire so-net.ne.jp netblock using iptables. …just a heads up if you are seeing an abnormally large amount of data uploaded from your site.
The command is “sudo iptables -A INPUT -s 118.236.0.0/16 -j DROP”
and 210.128.0.0/13. Case matters. And those commands do not persist after a reboot so you may want to put them somewhere where they will run at reboot.

1 Like

Thanks for the PSA. How did you figure out that this was happening in the first place? And also, is there a command to see which ip-addresses are sucking data ?

1 Like

My ISP’s website has a graph of upload/download data by day. The upload took a really really big jump up and stayed there, probably a month or two ago. I haven’t had time until recently to look into it. I had a heck of a time figuring out which of my systems was causing that. Fortunately I don’t have a cap on data. There is a Linux command “sudo iftop” which is like “top” but for I/O instead of CPU, so once I’d figured out which computer was the culprit, finding the IP address wasn’t difficult. I also proxy the piaware from my web server, rather than connect it directly to the internet. So an Apache/Linux webserver gives me a few more logs etc to look at. I don’t know if lighttp has the same logs or not. Lighttp is what is used by piaware. You’ll have to dig into that. I turned on access.log for a bit on the front end webserver. That will show you who is going after what, when and how often.

1 Like

There are many tools and ways to control it and the log files

eg:

sudo lsof -a -i

This does not really surprise me. Skyaware is intended mostly for local use; if you expose it to the internet at large, YMMV.

You can enable the lighttpd access log.
Instead of using a file i would recommend using the syslog output which shouldn’t cause any space issues as it’s normally automatically handled not to overfill.

This is how the start of my /etc/lighttpd/lighttpd.conf looks like:

server.modules = (
        "mod_access",
        "mod_alias",
        "mod_accesslog",
        "mod_redirect",
        )

accesslog.use-syslog = "enable"

I added the server module

        "mod_accesslog",

and enabled it to log to syslog:

accesslog.use-syslog = "enable"

Then you can have a live view of what’s happening:

sudo journalctl -u lighttpd -f

I find it easier to control resource access via my router. That way I don’t have to separately configure every resource on my network.