WordFence Blocked Bot Traffic Trying to Read /docker-compose.yml. Should I Do Anything?

A docker-compose.yml file should only be in your local development environment, or in your source code repository (e.g. GitHub).

If you’re not a website developer, you probably don’t have any Docker files. You likely have no idea what that file is, and don’t need to.

Hackers know that if you have that file where they can find it, then you aren’t likely to check that file for modifications.

If the file exists where hackers could find it, the hackers put you in the “sucker” category for further probing. “Oh look, let’s find out if we can modify it.” If they get a “403 Forbidden” response, like WordFence gives, they move on to test the next website on their list.

If a hacker can modify your compose file, they could insert a library that gets installed at each rebuild, whether you or someone using your code runs that rebuild. That library could “do anything”.

If you are writing code, you could tell at a glance if your own docker-compose.yml was changed. Of course, Git would tell you if the file was changed. Either way, check it as you publish to your repository.

You have WordFence blocking access to your compose file, and perhaps WordFence then watches that hacker IP address more closely.

With WordFence installed, you can ignore the probing. WordFence will show you that your website, like all websites, can get thousands of probes every day. You can’t possibly react to all the probes; WordFence is one of a few companies that update their rules for blocking hacker probes every day.

Of course, if you have the file where it doesn’t belong, fix that.
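
One way to tell the two cases apart from your own access log, added here as an example (it is not from WordFence or from the original post): probes that were refused can be ignored, while a compose file that was actually served needs fixing. It assumes the Apache/Nginx "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format (assumed); only the fields we need.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Compose file names that should never be reachable under a web root.
COMPOSE_RE = re.compile(r'(^|/)(docker-)?compose(\.[\w-]+)*\.ya?ml$', re.I)


def triage(lines):
    """Split compose-file probes into 'served' (fix it) and 'blocked' (ignore)."""
    result = {"served": defaultdict(set), "blocked": defaultdict(set)}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if not COMPOSE_RE.search(path):
            continue
        status = int(m.group("status"))
        # 2xx: the server answered with content, so treat the file as exposed.
        # Anything else (403 from a firewall, 404, ...) gave the prober nothing.
        bucket = "served" if 200 <= status < 300 else "blocked"
        result[bucket][path].add(m.group("ip"))
    return {k: {p: sorted(ips) for p, ips in v.items()} for k, v in result.items()}


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /docker-compose.yml HTTP/1.1" 403 199 "-" "bot"',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /docker-compose.yml HTTP/1.1" 403 199 "-" "bot"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /old/docker-compose.yaml?x=1 HTTP/1.1" 200 812 "-" "bot"',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, ips in report["served"].items():
        print(f"ACTION: {path} was served to {', '.join(ips)}; remove it from the web root")
    for path, ips in report["blocked"].items():
        print(f"ok: {path} probed by {len(ips)} address(es), all refused")
```

Anything listed under "served" is the "file where it doesn’t belong" case; everything under "blocked" is the routine probing described above.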

Are there problems with Docker itself, or exploits that require Docker? Not likely, and if one is found then, as with all well-programmed and well-maintained software, there will quickly be an update.

If you are using Docker or any other tools, keep your software updated, just like you keep WordPress plugins and themes and core updated.

Docker should only be used on your local development environment, or a restricted staging environment. If your website hosting company lets you run Docker on your account, they should keep Docker updated and they should block “anyone but you” from accessing it; if they don’t, I advise you to change hosting companies.





