pfSense web console

My setup was pfSense+ with Snort and whatever the DNS filtering was. I almost fainted when I saw the port testing tool and found ports 80 and 443 open. So, I switched my phone to cellular and went in the browser to my public IP address. I saw the pfSense login screen.

Is there any other explanation than an over the top embarrassing misconfiguration?

I dusted off my old USG, did the same, and everything is closed.

Thanks!

Welcome. We will need more information about the setup. What are your WAN rules?

We need to know your NAT rules also.

You need to look at your WAN inbound rules - you will have ports 80 and 443 open.

By default, pfSense does not open any ports on the WAN.

Yep, but if there are any NAT rules for the WAN interface (inbound), we will see them as well under the WAN rules.
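The check the replies above ask for (WAN rules and NAT rules), as an added example that is not part of the original thread: it scans a configuration backup for enabled WAN pass rules and port forwards that reach TCP 80/443. The element names are assumed to follow the layout of a pfSense `config.xml` backup, the function names are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

WEB_PORTS = {80, 443}

# Constructed sample backup, trimmed to the elements the audit reads.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>443</port></destination>
      <descr>constructed: GUI reachable from WAN</descr></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <disabled/><source><any/></source>
      <destination><any/><port>80</port></destination></rule>
    <rule><type>pass</type><interface>lan</interface><destination><any/></destination></rule>
  </filter>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol><source><any/></source>
      <destination><network>wanip</network><port>80</port></destination>
      <target>192.0.2.10</target><local-port>80</local-port></rule>
  </nat>
</pfsense>"""

def web_ports_covered(text):
    """Web ports matched by a port field: '443', '80-443', or empty (any port)."""
    text = (text or "").strip()
    if not text:
        return set(WEB_PORTS)
    if not text.replace("-", "").isdigit():  # port alias: not resolvable here
        return set()
    lo, _, hi = text.partition("-")
    return {p for p in WEB_PORTS if int(lo) <= p <= int(hi or lo)}

def wan_web_exposure(xml_text):
    """List enabled WAN pass rules and port forwards that reach TCP 80/443."""
    root = ET.fromstring(xml_text)
    findings = []
    for kind, path in (("filter", "filter/rule"), ("nat", "nat/rule")):
        for rule in root.findall(path):
            if rule.findtext("interface") != "wan" or rule.find("disabled") is not None:
                continue
            if kind == "filter" and rule.findtext("type") != "pass":
                continue
            if rule.findtext("protocol") not in (None, "tcp", "tcp/udp"):
                continue
            label = rule.findtext("descr") or rule.findtext("target") or ""
            for port in sorted(web_ports_covered(rule.findtext("destination/port"))):
                findings.append((kind, port, label))
    return findings
```

An empty result means no enabled WAN rule or forward in the backup targets 80/443 directly; rules that reference port aliases are skipped and still need a manual look.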

There are two possibilities :wink:

A) The web console has always been exposed.

B) My quad Celeron couldn’t handle an OpenVPN connection for everyone. I think the OpenVPN client always uses a single core, and it said no no no when large downloads occurred. Say, downloading 100GB via Steam. Either that, or a thermal issue. So, I’ve removed the OpenVPN client and settings. I wasn’t sure what the outbound NAT used to be. So, I did choose automatic. If this was the mistake, the console was only exposed for a day.

Anyway, I factory reset pfSense before the initial post. I think I do need better hardware for running the OpenVPN client. And my USG is doing just fine, if you don’t need to VPN in, or want fancy stuff like Snort. Cheers!

Sadly, a quad core Celeron is more than fast enough for a typical home setup. But not for running stronger encryption OpenVPN on the router. I knew I’d read this somewhere:

“This is a side-effect of the fact that the OpenVPN 2 codebase is single-thread”

Phishing email received (Strong MFA reminder BS) to a unique Ubiquiti/Netgate email alias. My web console must have been exposed for one or two days back then. Does the original post match pfSense vulnerabilities from 2023? Anyway, I remember I had an (old spare) USG ready and replaced pfSense at that time. @David How plausible is this? They could have retrieved my admin email, right?

The pesky problem is that email alias. So, the suspects who screwed up are ME or those two other companies :confused: