How to Secure Your OpenClaw Control Server from Hackers
Critical security fixes for OpenClaw (formerly Clawd.bot) servers exposed to the internet. Learn how to configure authentication, trusted proxies, and prevent unauthorized access to your API keys.
The Critical Vulnerability
Security researcher @theonejvo recently discovered hundreds of OpenClaw (then known as Clawd.bot) Control servers exposed to the public internet. Attackers could:
- Steal API keys (Anthropic, OpenAI, Discord)
- Read conversation histories
- Execute commands as root
- Pivot to attack other systems
The root cause? A dangerous combination of localhost trust and reverse proxy configuration.
How the Vulnerability Works
OpenClaw has a security feature that auto-approves connections from localhost (127.0.0.1) without authentication. This is convenient for local development, but becomes a critical flaw when running behind a reverse proxy.
The problem:
```text
User Request → Nginx/Caddy → OpenClaw
                   ↓
           Appears as 127.0.0.1
                   ↓
       Auto-approved! No auth needed!
```
When you run OpenClaw behind nginx or Caddy, it is the proxy that opens the connection to OpenClaw, so every internet request arrives from 127.0.0.1. This means every random hacker on the internet gets auto-approved access.
What's At Risk
If your server is exposed, attackers can access:
| Asset | Risk Level | Impact |
|-------|------------|--------|
| Anthropic API keys | Critical | Unauthorized usage, massive bills |
| Discord tokens | Critical | Bot takeover, server compromise |
| Conversation history | High | Private data exposure |
| Server access | Critical | Full system compromise |
| Other credentials | Critical | Lateral movement to other systems |
Fix #1: Configure Gateway Authentication
The most important fix is enabling password authentication for the gateway.
Edit your OpenClaw configuration:
```yaml
# In your OpenClaw config file
gateway:
  auth:
    password: "your-strong-password-here"
```
Generate a strong password:
```bash
# Generate a 32-character random password
openssl rand -base64 32
```
Important: Use a unique, strong password. Never reuse passwords from other services.
Fix #2: Configure Trusted Proxies
If you're using a reverse proxy (nginx, Caddy, etc.), you must configure trustedProxies so OpenClaw knows which IPs to trust for forwarded headers.
```yaml
# In your OpenClaw config file
gateway:
  auth:
    password: "your-strong-password-here"
  trustedProxies:
    - "127.0.0.1"
    - "::1"
```
This tells OpenClaw to honour forwarded headers (X-Forwarded-For) only on connections that arrive from localhost, i.e. from your proxy, and to use the real client IP from that header for authentication decisions. Forwarded headers on connections from any other address are not trusted, so the localhost auto-approval is evaluated against the actual client rather than the proxy.
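To make the interaction between localhost auto-approval, the proxy, and trustedProxies concrete, here is an added example (not OpenClaw's own code) that models the decision; the function names and the `trustedProxies` argument are assumptions, and the IP addresses are constructed documentation-range values.

```javascript
// Added example, not OpenClaw's own code: models how the localhost
// auto-approval interacts with a reverse proxy and how trustedProxies
// fixes it. Function names and the trustedProxies argument are assumptions.

const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);

// peerAddr: the TCP peer address the OpenClaw socket actually sees.
// xff: the X-Forwarded-For header value (undefined if absent).
// trustedProxies: addresses whose forwarded headers may be believed.
function resolveClientIp(peerAddr, xff, trustedProxies) {
  // Anyone can send an X-Forwarded-For header, so it is only honoured
  // when the connection itself comes from a trusted proxy.
  if (!trustedProxies.includes(peerAddr) || !xff) return peerAddr;
  // With $proxy_add_x_forwarded_for the header reads "client, proxy1, ...":
  // walk from the right, skipping trusted hops, to the first untrusted one.
  const hops = xff.split(",").map((s) => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trustedProxies.includes(hops[i])) return hops[i];
  }
  // Every hop was a trusted proxy: a genuinely local request.
  return hops[0] || peerAddr;
}

// The auto-approval check: true means "no password required".
function isAutoApproved(peerAddr, xff, trustedProxies) {
  return LOOPBACK.has(resolveClientIp(peerAddr, xff, trustedProxies));
}

// Constructed scenarios; 203.0.113.7 is a documentation-range address.
function demo() {
  const trusted = ["127.0.0.1", "::1"];
  return {
    // Internet client via nginx, no trustedProxies configured: the proxy's
    // loopback address is taken at face value and the request is approved.
    vulnerable: isAutoApproved("127.0.0.1", "203.0.113.7", []),
    // Same request with Fix #2 applied: the real client IP is used.
    fixed: isAutoApproved("127.0.0.1", "203.0.113.7", trusted),
    // Client supplied its own "X-Forwarded-For: 127.0.0.1"; nginx appended
    // the true source, and the rightmost untrusted hop is what counts.
    forgedHeader: isAutoApproved("127.0.0.1", "127.0.0.1, 203.0.113.7", trusted),
    // Direct hit on the backend port from outside: header ignored entirely.
    directToBackend: isAutoApproved("203.0.113.7", "127.0.0.1", trusted),
    // A real local request (e.g. curl on the box) is still auto-approved.
    local: isAutoApproved("127.0.0.1", undefined, trusted),
  };
}
```

The `forgedHeader` case is why Fix #2 and Fix #3 belong together: the proxy must append the real source with `$proxy_add_x_forwarded_for`, and OpenClaw must only believe that header on connections from the proxy.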
Fix #3: Configure Your Reverse Proxy
Your reverse proxy must forward the real client IP correctly.
Nginx Configuration
```nginx
server {
    listen 443 ssl http2;
    server_name your-domain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;

        # Critical: Forward real IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;

        # WebSocket support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```
Caddy Configuration
```caddyfile
your-domain.com {
    reverse_proxy localhost:3000 {
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
```
How to Check If Your Server Is Exposed
Method 1: Shodan Search
Visit Shodan and search for:
```text
"OpenClaw Control" port:443
```
or
```text
"OpenClaw" http.html:"Control"
```
If your server's IP appears in results, you're exposed.
Method 2: Manual Test
Try accessing your server's Control interface from a different network (like your phone's mobile data):
```bash
curl -I https://your-domain.com/control
```
If you can access it without authentication, you're exposed.
Signs Your Server May Be Compromised
Check for these warning signs:
- Unusual API usage - Check Anthropic Console for unexpected charges
- Unknown conversations - Review conversation logs for unfamiliar chats
- Modified configuration - Check if config files were changed
- New user accounts - Run `cat /etc/passwd` to check for new users
- Unexpected processes - Run `ps aux` and look for suspicious processes
- Outbound connections - Run `netstat -tulpn` to check listening ports and `netstat -tnp` to check established connections
Immediate Steps If Compromised
- Take the server offline - Stop OpenClaw immediately
- Rotate ALL credentials:
- Anthropic API key
- Discord bot token
- Any other API keys configured
- Check conversation logs - Determine what was accessed
- Review system logs - Check for unauthorized access
- Consider rebuilding - If root access was possible, assume full compromise
```bash
# Stop the bot immediately
pm2 stop openclaw

# Or if running directly
pkill -f openclaw
```
Complete Security Checklist
After applying fixes, verify:
- [ ] Gateway password configured
- [ ] Trusted proxies configured
- [ ] Reverse proxy forwards real IP
- [ ] Tested access from external network
- [ ] API keys rotated (if previously exposed)
- [ ] Firewall configured (UFW/iptables)
- [ ] SSH hardened (key-only, non-root)
- [ ] Fail2Ban installed
Rate Limiting (Additional Protection)
Add rate limiting to your nginx config to prevent brute force attacks:
```nginx
# At http block level
limit_req_zone $binary_remote_addr zone=openclaw:10m rate=10r/s;

# In your server block
location / {
    limit_req zone=openclaw burst=20 nodelay;
    proxy_pass http://localhost:3000;
    # ... other proxy settings
}
```
Why This Matters
AI agents like OpenClaw are high-value targets because they hold the keys to multiple services. A compromised bot can:
- Run up thousands in API bills
- Access private conversations
- Pivot to attack other systems
- Damage your reputation
This is why security must be a priority, not an afterthought.
Security Included with Premium Setup
Configuring all of this correctly takes time and expertise. Our Premium Setup includes:
- Proper reverse proxy configuration
- Gateway authentication setup
- Firewall and Fail2Ban configuration
- SSH hardening
- Ongoing security updates
Don't want to risk getting it wrong? Contact us for professional setup with security included.
Related Guides
Need a VPS for Your Bot?
We recommend Hostinger KVM 2 VPS - reliable, fast, and perfect for AI chatbots. Get started with our recommended setup.
Get Hostinger VPS
Need Help With Setup?
Got your VPS? Let us handle the technical work. Professional setup and maintenance for OpenClaw (formerly Clawd.bot).