Understanding Unauthorized Access Attempts to Erlang Nodes

This article explores the risks associated with unauthorized access attempts to Erlang nodes, as highlighted by a log message indicating a connection attempt from a suspicious node name. The author, who manages hobby projects on a VPS, notes that while nothing harmful has happened so far, the incident serves as a warning about the potential vulnerabilities in Erlang distribution. The author provides a detailed breakdown of how attackers might discover and connect to Erlang nodes, including techniques for querying node information and the implications of having the Erlang Port Mapper Daemon (epmd) accessible. To counteract these threats, the article proposes a 'hobby-grade security plan' involving disabling unnecessary Erlang distribution, limiting epmd exposure, and configuring a firewall. The conclusion reassures readers that while they may be mostly safe, they should still take measures to secure their Erlang nodes against such unauthorized access attempts.