Critical Security Update for GMRS Hamvoip Nodes – Protect Your Bandwidth
I recently discovered a serious security issue affecting some default Hamvoip node setups. This is likely in all nodes based on that image and needs to be fixed or you need to take your nodes webpage off the internet. Close your ports.
This may explain why some users have to reboot everything after a while to stop jitter and sluggish nodes. As rebooting will give you a new IP and stop the abuse for a while.
Certain Apache proxy modules may be enabled by default, which allows your node to be used as a proxy by anyone on the Internet. This can lead to massive, unintended bandwidth usage and potentially put your node at risk of abuse or blacklisting.
At this time I don’t know which nodes have this proxy enabled likely all of them. But running this script will tell you if yours is affected or not.
In our tests, we observed extreme bandwidth consumption:
| Usage | 1hr | 12hr | 24hr | 1Week | 1Month |
|---|---|---|---|---|---|
| Upload | 45.90 MB | 59,585.11 TB | 59,585.11 TB | 4,562,704.53 TB | 5,935,882.69 TB |
| Download | 1.90 TB | 63,124.38 TB | 63,124.38 TB | 11,125,110.18 TB | 10,957,953.10 TB |
Clearly, leaving these modules enabled can lead to enormous, unmonitored network usage, potentially incurring charges or throttling from your ISP.
From the nodes webserver logs
64.62.156.77 – – [30/Aug/2025:08:35:17 -0500] “GET http://api.xxxxxxx.org/?format=json HTTP/1.1” 302 –
64.62.156.77 – – [30/Aug/2025:08:35:19 -0500] “CONNECT www.xxxxxxxx.org:443 HTTP/1.1” 302 –
In the above example they are using the node as a proxy to download files for them. And who knows what they are doing ( hacking, spam, illegal traffic). All of which will be coming from your IP
To prevent this, I have created a safe script to fix your node:
- change to tmp
cd /tmp- Download the fix script
curl -sSL -o fix_proxy.sh https://raw.githubusercontent.com/tmastersmart/gmrs_live/refs/heads/main/fix_proxy.sh
- Inspect it before running
less fix_proxy.sh
- Run the script
bash fix_proxy.sh
Above is on a old GMRSLive node I converted to GMRSHUB.
This fully explains most all the problems we have had for years.
Jitter, Sluggish and lockups. Ever had to reboot your router? this is why.
this is why.
What the script does:
- Scans your Apache configuration for active proxy modules.
- Comments out all potentially unsafe proxy modules.
- Displays messages showing which modules are being disabled.
- Reboots your node to apply the changes.
Why you should act immediately:
Leaving these proxy modules active exposes your node to external abuse, which can:
- Consume massive amounts of bandwidth.
- Slow down your node for legitimate GMRS use.
- Create potential legal or ISP issues if your node is used for malicious activity.
We strongly encourage all GMRS Hamvoip node operators to review their Apache configuration and run this fix script to ensure their nodes are secure.
Manual Instructions for Advanced Users
If you prefer to manually inspect and fix your node:
- Check which proxy modules are loaded
httpd -M | grep proxy
- Open your Apache config file
nano /etc/httpd/conf/httpd.conf
or wherever your Hamvoip Apache config is located.
- Comment out all potentially unsafe proxy modules by adding a
#at the start of lines like:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so
- Save and exit, then restart Apache:
systemctl restart httpd
- Verify the modules are disabled:
httpd -M | grep proxy
You should only see modules that are intentionally enabled, and none of the risky proxy modules.
Takeaway: Act immediately. Leaving these proxy modules active exposes your node to abuse, which can consume massive amounts of bandwidth and may lead to network or legal issues.
I would be interested in finding out if you node is affected and which release it is. Please add your comment here. Perhaps some don’t have this but I suspect they all.
Final thought is after finding how bad this software is setup, even after patching I would not expose any ports to the internet if you need a status page you need a hub in the cloud or a hub running on a desktop. Don’t use a pi image for a hub. And don’t expose the port 222 as I am sure this old ssh also has problems. I am in the process of Harding the Louisiana Image since its also hamvoip based, to this and will have a new release tonight.
It would be interesting to see who activated this proxy by seeing which images have it.
If your looking for a GMRS image without this flaw Download LA GMRS image