Not to mention bots/people/companies watching torrent peers, looking up SSL certs for the IPs, then attacking anything with jelly in it… Security through obscurity is not security
Comment on That's all folks, Plex is starting to charge for sharing
dependencyinjection@discuss.tchncs.de 4 days agoYou don’t need to post your IP. Any server admin would tell you that if you have a server exposed to the internet then you’re going to get people / bots knocking and your doors (ports) to see what is open. They could then use something like meta spoilt to find vulnerabilities and gain access to your server.
Zeoic@lemmy.world 2 days ago
dogs0n@sh.itjust.works 3 days ago
Hm I don’t remember posting the comment you are replying to, to the one I replied to.
You are right, but I still argue that keeping Jellyfin up to date is fine, there’s no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.
When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and though this was the same thread.
smiletolerantly@awful.systems 11 hours ago
Which shouldn’t really be an issue since you should only host on 443, which tells bots basically nothing.
Configure your firewall/proxy to only forward for the correct subdomain, and now the bots are back to 0, since knowing the port is useless, and any even mildly competent DNS provider will protect you from bots walking your zone.