Comment on Jellyfin over the internet
_cryptagion@lemmy.dbzer0.com 6 days agoNo, they are actively trying to get in right now. If you have Authelia exposed they’re brute forcing it.
No, they aren’t. Just to be sure, I just checked it, and out of the over 2k requests made to the Authelia login page in the last 24 hours, none have made it to the login page itself. You don’t know jack shit about what’s going on in another persons network, so I’m not sure why you’re acting like some kind of expert.
EncryptKeeper@lemmy.world 6 days ago
Yes they are. To suggest they’ve would be a statistical wonder.
Are you logging into your Authelia login page 2k times a day? If not, I suspect that some (most) of those are malicious lol.
It’s the internet, not your network. And I’m well aware of how the internet works.
Well I am an expert with over a decade of experience in cybersecurity, but I’m not acting like an expert here, I’m acting like somebody with at least a rudimentary understanding of how these things work.
_cryptagion@lemmy.dbzer0.com 6 days ago
Guess I’m a wonder then. I’ve always thought of myself as pretty wonderful, I’m glad to hear you agree.
That’s 2k requests made. None of them were served. Try to keep up.
Then I guess I should get a career in cybersecurity, because I obviously know more than someone with over a decade of supposed experience. If you were worth whatever your company is paying you in wages, you would know that a rule blocking connections from other countries, and also requiring the request for the login page come from one of the services on your domain, will block virtually all malicious attempts to access your services. Such a rule doesn’t work for a public site, but for a selfhosted setup it’s absolutely an easy option to reduce your bandwidth usage and make your setup far more secure.
EncryptKeeper@lemmy.world 6 days ago
Whoa whoa whoa. What malicious attempts?
You just told me you were the statistical wonder that nobody is bothering attack?
So those 2k requests were not you then? They were hostile actors attempting to gain unauthorized access to your services?
Well there we have it folks lmao
_cryptagion@lemmy.dbzer0.com 6 days ago
I said it would block all malicious attempts. I didn’t say the people trying to access my services were malicious. Clearly the OP is worried about that. I however, having just the meager experience of, you know, actually fucking running the a Jellyfin server, am not. But I’m also not trying convince people I’m a smug cybersecurity expert with a decade of experience.