Incident · exposed panels

Exposed control panels (what reports say)

Multiple reports describe Moltbot/Clawdbot control panels left reachable from the internet through misconfiguration (often a reverse proxy combined with trust assumptions). These exposures can leak configuration, tokens, and conversation history.

If you suspect exposure: restrict access immediately and rotate all tokens. Assume compromise risk.

What went wrong (pattern)

  • Admin/control UI reachable from the public internet.
  • Reverse proxy treated internet requests as "local" or trusted.
  • Attackers could view config, API keys, OAuth credentials, and chat history (per reports).

Fast fixes

  1. Stop public access
     Bind to loopback and access remotely only via VPN/tunnel.
  2. Require token for non-loopback
     Treat token as mandatory when binding beyond localhost.
  3. Rotate credentials
     Bot tokens, OAuth tokens, API keys. Assume they leaked.
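
Fixes 1 and 2, together with the proxy trust failure from the pattern list, as an added Python example (not Moltbot/Clawdbot code). The names `is_loopback`, `check_bind` and `authorize`, the forwarding-header list and the Bearer token format are assumptions made for illustration.

```python
import hmac
import ipaddress
from typing import Dict, Optional

# Headers a reverse proxy commonly adds; their presence means the request
# was relayed, so a loopback peer address says nothing about the real client.
FORWARD_HEADERS = ("x-forwarded-for", "x-real-ip", "forwarded")


def is_loopback(host: str) -> bool:
    """True only for 'localhost' or a literal loopback address."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # any other hostname (or empty string) is not local
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before testing.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback


def check_bind(bind_host: str, token: Optional[str]) -> None:
    """Startup gate: refuse to listen beyond loopback without a token."""
    if not is_loopback(bind_host) and not token:
        raise RuntimeError(
            f"refusing to bind {bind_host!r} without an access token"
        )


def authorize(peer_ip: str, headers: Dict[str, str],
              token: Optional[str]) -> bool:
    """Per-request gate: tokenless access only for direct local clients."""
    h = {k.lower(): v for k, v in headers.items()}
    proxied = any(name in h for name in FORWARD_HEADERS)
    if is_loopback(peer_ip) and not proxied:
        return True  # direct connection from the same machine
    if not token:
        return False  # remote or proxied, and no token configured: deny
    presented = h.get("authorization", "")
    # Constant-time comparison of the presented and expected values.
    return hmac.compare_digest(presented.encode(),
                               f"Bearer {token}".encode())
```

A proxy that adds no forwarding headers is indistinguishable from a local client in this check, so it complements binding to loopback and a mandatory token rather than replacing them.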

Sources