Comment

EncryptKeeper@lemmy.world ⁨1⁩ ⁨week⁩ ago

No, they are actively trying to get in right now. If you have Authelia exposed they’re brute forcing it. They’re actively trying to exploit vulnerabilities that exist in whatever outwardly accessible software you’re exposing is, and in many cases also in software you’re not even using in scattershot fashion. Cloudflare is blocking a lot of the well known CVEs for sure, so you won’t see those hit your server logs. If you look at your Authelia logs you’ll see them though. If you connect via SSH you’ll see those in your server logs.

You’re mitigating it, sure. But they are absolutely 100% trying to get into your server right now, same as everyone else. There is no consideration to whether you are a self hosted or a Fortune 500 company.

source

Sort:hotnew top

_cryptagion@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago

No, they are actively trying to get in right now. If you have Authelia exposed they’re brute forcing it.

No, they aren’t. Just to be sure, I just checked it, and out of the over 2k requests made to the Authelia login page in the last 24 hours, none have made it to the login page itself. You don’t know jack shit about what’s going on in another persons network, so I’m not sure why you’re acting like some kind of expert.

source
- EncryptKeeper@lemmy.world ⁨1⁩ ⁨week⁩ ago
  Yes they are. To suggest they’ve would be a statistical wonder.
  
  2k requests made to the Authelia login page in the last 24 hours
  
  Are you logging into your Authelia login page 2k times a day? If not, I suspect that some (most) of those are malicious lol.
  
  You don’t know jack shit about what’s going on in another persons network
  
  It’s the internet, not your network. And I’m well aware of how the internet works.
  
  I’m not sure why you’re acting like some kind of expert
  
  Well I am an expert with over a decade of experience in cybersecurity, but I’m not acting like an expert here, I’m acting like somebody with at least a rudimentary understanding of how these things work.
  
  source
  - _cryptagion@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago
    
    Yes they are. The idea that they’re not would be a statistical wonder.
    
    Guess I’m a wonder then. I’ve always thought of myself as pretty wonderful, I’m glad to hear you agree.
    
    Are you logging into your Authelia login page 2k times a day? If not, I suspect that some (most) of those are malicious lol.
    
    That’s 2k requests made. None of them were served. Try to keep up.
    
    Well I am an expert with over a decade of experience in cybersecurity, but I’m not acting like an expert here, I’m acting like somebody with at least a rudimentary understanding of how these things work.
    
    Then I guess I should get a career in cybersecurity, because I obviously know more than someone with over a decade of supposed experience. If you were worth whatever your company is paying you in wages, you would know that a rule blocking connections from other countries, and also requiring the request for the login page come from one of the services on your domain, will block virtually all malicious attempts to access your services. Such a rule doesn’t work for a public site, but for a selfhosted setup it’s absolutely an easy option to reduce your bandwidth usage and make your setup far more secure.
    
    source
    EncryptKeeper@lemmy.world ⁨1⁩ ⁨week⁩ ago
    
    a rule blocking connections from other countries, and also requiring the request for the login page come from one of the services on your domain, will block virtually all malicious attempts to access your services.
    
    Whoa whoa whoa. What malicious attempts?
    
    You just told me you were the statistical wonder that nobody is bothering attack?
    
    That’s 2k requests made. None of them were served.
    
    So those 2k requests were not you then? They were hostile actors attempting to gain unauthorized access to your services?
    
    Well there we have it folks lmao
    
    source
    -> View More Comments