Comment on Jellyfin over the internet
_cryptagion@lemmy.dbzer0.com 6 days agoNo, people are probing it right now. But looking at the logs, nobody has ever made it through. And I run a pretty basic setup, just Cloudflare and Authelia hooking into an LDAP server, which powers Jellyfin. Somebody who invests a little more time than me is probably a lot safer. Tailscale is nice, but it’s overkill for most people, and the majority of setups I see posted here are secure enough to stop any random scanning that happens across them, if not dedicated attention.
EncryptKeeper@lemmy.world 6 days ago
No, they are actively trying to get in right now. If you have Authelia exposed they’re brute forcing it. They’re actively trying to exploit vulnerabilities that exist in whatever outwardly accessible software you’re exposing is, and in many cases also in software you’re not even using in scattershot fashion. Cloudflare is blocking a lot of the well known CVEs for sure, so you won’t see those hit your server logs. If you look at your Authelia logs you’ll see them though. If you connect via SSH you’ll see those in your server logs.
You’re mitigating it, sure. But they are absolutely 100% trying to get into your server right now, same as everyone else. There is no consideration to whether you are a self hosted or a Fortune 500 company.
_cryptagion@lemmy.dbzer0.com 6 days ago
No, they aren’t. Just to be sure, I just checked it, and out of the over 2k requests made to the Authelia login page in the last 24 hours, none have made it to the login page itself. You don’t know jack shit about what’s going on in another persons network, so I’m not sure why you’re acting like some kind of expert.
EncryptKeeper@lemmy.world 6 days ago
Yes they are. To suggest they’ve would be a statistical wonder.
Are you logging into your Authelia login page 2k times a day? If not, I suspect that some (most) of those are malicious lol.
It’s the internet, not your network. And I’m well aware of how the internet works.
Well I am an expert with over a decade of experience in cybersecurity, but I’m not acting like an expert here, I’m acting like somebody with at least a rudimentary understanding of how these things work.
_cryptagion@lemmy.dbzer0.com 6 days ago
Guess I’m a wonder then. I’ve always thought of myself as pretty wonderful, I’m glad to hear you agree.
That’s 2k requests made. None of them were served. Try to keep up.
Then I guess I should get a career in cybersecurity, because I obviously know more than someone with over a decade of supposed experience. If you were worth whatever your company is paying you in wages, you would know that a rule blocking connections from other countries, and also requiring the request for the login page come from one of the services on your domain, will block virtually all malicious attempts to access your services. Such a rule doesn’t work for a public site, but for a selfhosted setup it’s absolutely an easy option to reduce your bandwidth usage and make your setup far more secure.