[GH-ISSUE #1880] After integrating frp-notify, I often receive connection notifications from various regions; does FRP have a security vulnerability? #1488

Closed
opened 2026-05-05 12:56:22 -06:00 by gitea-mirror · 1 comment
Owner

Originally created by @freshgeek on GitHub (Jun 23, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1880

Issue is only used for submitting bug report and documents typo. If there are same issues or answers can be found in documents, we will close it directly.

Use the commands below to provide key information from your environment:
You do NOT have to include this information if this is a FEATURE REQUEST

What version of frp are you using (./frpc -v or ./frps -v)?
0.33.0

What operating system and processor architecture are you using (go env)?
centos 7

Configures you used:
xxxx = redacted

```
#server

[common]
bind_port = 7000
dashboard_port = 7500
# dashboard username and password, both default to admin
dashboard_user = admin
dashboard_pwd = xxxx
authentication_method = token

token = xxxx

[plugin.frp-notify]
addr = xxxx:50080
# // frp-notify address
path = /handler
# // frp-notify url, fixed setting
ops = Login,NewProxy,NewWorkConn,NewUserConn
```

```
# client

[common]
token = xxxx
server_addr = xxxx
server_port = 7000


admin_addr = 0.0.0.0
admin_port = 7400
admin_user = admin
admin_pwd =
#remote_port = 7400

[ssh]
type = tcp
local_ip = 0.0.0.0
local_port = 22
remote_port = 22000

[adminui]
type = tcp
local_ip = 0.0.0.0
local_port = 7400
remote_port = 7400

[web_movie]
type = tcp
custom_domains = xxxx
local_ip = 0.0.0.0
local_port = 80
remote_port = 8000
http_user =
http_user =

[mysql]
type = tcp
local_ip = 127.0.0.1
local_port = 3306
remote_port = 3306
```

Steps to reproduce the issue:
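1. After hooking up DingTalk bot notifications, I found that unfamiliar IPs frequently log in, via all three methods: tcp, web, and mysql.
2. The server-side log also shows that new connections are indeed being established.
3. I am sure this is not me, and I have not disclosed the connection details to anyone.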

Describe the results you received:

Describe the results you expected:

Additional information you deem important (e.g. issue happens only occasionally):

Can you point out what caused this issue (optional)

Author
Owner

@fatedier commented on GitHub (Jun 23, 2020):

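Since the service is exposed on the public internet, you cannot prevent other people from attempting to establish connections. The security lies in your own ssh keys and mysql password.

If you need higher security, you can use stcp.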
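
The stcp setup suggested in the reply above, sketched for the `[ssh]` proxy from the issue's client config. This is an added example, not part of the original issue or the frp project's own files; the section names `secret_ssh` and `secret_ssh_visitor`, the `sk` placeholder and bind port 6000 are assumptions.

```ini
# --- frpc.ini on the machine running sshd (replaces the [ssh] tcp proxy) ---
[common]
server_addr = xxxx
server_port = 7000
token = xxxx

# Before (from the issue): frps listens on public port 22000 for anyone.
# [ssh]
# type = tcp
# local_ip = 0.0.0.0
# local_port = 22
# remote_port = 22000

# After: stcp opens no remote_port on frps; a visitor must present the same sk.
[secret_ssh]
type = stcp
# Placeholder: use a long random secret shared only with the visitor.
sk = REPLACE_WITH_LONG_RANDOM_SECRET
local_ip = 127.0.0.1
local_port = 22

# --- frpc.ini on the machine that wants to connect (the visitor) ---
[common]
server_addr = xxxx
server_port = 7000
token = xxxx

[secret_ssh_visitor]
type = stcp
role = visitor
# Must match the section name of the stcp proxy above.
server_name = secret_ssh
sk = REPLACE_WITH_LONG_RANDOM_SECRET
# Listen only on loopback so the tunnel entrance is not exposed on the LAN.
bind_addr = 127.0.0.1
bind_port = 6000
```

The visitor then connects with `ssh -p 6000 user@127.0.0.1`; the same pattern applies to the `[mysql]` proxy.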
