rustdesk / rustdesk-server-pro

Some scripts for RustDesk Server Pro are hosted here.

Unknown custom clients downloads and executions #312

Closed AlvaroNieto closed 2 months ago

AlvaroNieto commented 2 months ago

Every time I create a new custom client, I see new and unknown devices that download the custom client and execute it in the following seconds. I always remove the custom client after I download it because of this, but sometimes it still happens.

I have Rustdesk Server Pro version 1.4.0, but it has been happening since the launch of the custom client.

Is there any possibility that third parties are able to access the custom client files from Rustdesk's backend? That would be kind of an important issue.

My server is not accessible from the internet, so my infrastructure should not be the problem.

pdifeo commented 2 months ago

Similar problem reported by me in Q&A: https://github.com/rustdesk/rustdesk-server-pro/discussions/307

rustdesk commented 2 months ago

@21pages follow it up.

rustdesk commented 2 months ago

We have put a fix to enforce the download security on our server side a moment ago.

pdifeo commented 2 months ago

> We have put a fix to enforce the download security on server side a moment ago.

Thank you for your consideration.

Is it advisable to change the key?

rustdesk commented 2 months ago

> Is it advisable to change the key?

I would advise to build a new client with changed IP and key to verify if it is really downloaded by others.

rustdesk commented 2 months ago

It is quite similar to this: https://docs.tacticalrmm.com/faq/#help-ive-been-hacked-and-there-are-weird-agents-appearing-in-my-tactical-rmm

AlvaroNieto commented 2 months ago

Yep, it really looks just like that. The thing is, we do not have full control of all the devices that use our Rustdesk Server. So we can't disable the Automatic sample client-wide. I am going to create a new custom client to see if they do not appear after your fix deployment.

rustdesk commented 2 months ago

My fix can not handle this AV case.

AlvaroNieto commented 2 months ago

> My fix can not handle this AV case.

As long as the only "ghost" connections that appear are from the AV samples, we are comfortable with it. We have random passwords and monitor new devices that connect to the server. Should not be an issue.

I left a new custom client created ready to be downloaded (but never executed), I will check tomorrow if new IDs have appeared. If not, I will close the issue.

Thank you!

AlvaroNieto commented 2 months ago

No unknown IDs!