It starts with being used in a botnet. Then your data can be either erased, corrupted or encrypted against ransom.
Comment on What's the security situation when opening a jellyfin server up for casting?
diegantobass@lemmy.world 16 hours ago
Dumb question: why does everyone is so terribly afraid of opening stuff to the internet ? What’s the scenario?
rollerbang@lemmy.world 16 hours ago
Danitos@reddthat.com 5 hours ago
The first thing I opened to the internet was a SSH server. 28 minutes after opening it, I started getting constant entry attempts.
lime@feddit.nu 16 hours ago
i’ve set up servers with static ips in datacenter settings before. the way you know you’re online is usually that your cpu activity jumps a few percent from all the incoming ssh traffic from russia and china. i don’t want to risk anything happening to my home server.
GreenCrunch@piefed.blahaj.zone 14 hours ago
so fun to look through the ssh log and see hundreds of attempts…
diegantobass@lemmy.world 11 hours ago
Quick question: If I look through the ssh log and I don’t see the hundred of attempts, what could be going on?..
teawrecks@sopuli.xyz 1 hour ago
Are you not actually open to the public internet? Is it running on a nonstandard port? Is it already pwned and something is scrubbing logs?
GreenCrunch@piefed.blahaj.zone 10 hours ago
I am not sure lol. perhaps your ssh port isn’t exposed to the internet, or maybe the bots are just ignoring you? maybe your hosting provider has some sort of security process to reject those attempts preemptively?
I have no clue
aichan@piefed.blahaj.zone 15 hours ago
Missconfigurations allowing bots and shit hacking you. Overblown paranoia mostly if you just take some precautions
diegantobass@lemmy.world 14 hours ago
Okay thanks for mentionning overblown paranoia, that’s what I have.
What kind of exploitable server misconfigurations are we talking about here?? Brute forcing won’t work because fail2ban, right? I’m a noob and deep down I’m convinced that my homeserver is compromised and has beenpart of a bitcoin mining farm for years… Yet, not a single proof…
irmadlad@lemmy.world 9 hours ago
my homeserver is compromised and has beenpart of a bitcoin mining farm for years
The very first Linux server I deployed on a VPS was hacked almost immediately because of my ignorance. The bot gained entrance, and they supplanted a miner rig. Now, on a tiny VPS, it’s pretty easy to tell if you’re running a coin miner because all of the resources will be pegged. However, I got to thinking, on a corporate server, if they did manage to do this, it would almost be undetectable until someone started reviewing logs.
GraveyardOrbit@lemmy.zip 13 hours ago
There are probably thousands of zero days out there in the hands of hacking organizations and nation state level actors. Exposing anything to the internet that doesn’t absolutely have to be is an invitation for the world to join your network and access all your files, if you’re okay with that risk then proceed
diegantobass@lemmy.world 11 hours ago
Aren’t zero day very specific? Or maybe it’s become a very generic term.
Anyway, I am under the impression that either it’s suddenly very simple to hack into EVERYONE because someone zero dayed the wireguard protocol and there a major flow in it, it’s a shitshow, for all, for some, just me or nobody, whatever. Or it’s a very targeted attack on me personaly, and that’s a whole other story and the means to protect my pictures of my cats and my cool public domain movies collection are different (think social engineering). Also port 22 being bombarded by brute force attempts so don’t choose a password that’s 6 letters thanks.
I KNOW I am missing many things, but still, I don’t get it.
LiveLM@lemmy.zip 12 hours ago
I’m paranoid dude, I don’t need the whole judging my awful taste in TV shows!
gdog05@lemmy.world 11 hours ago
I set up Jellyseer so my friends can request whatever. Just blame your full collection of My Little Pony and Gilmore girls on that one friend from Finland (unless you’re in Finland, and then use Greece).
irmadlad@lemmy.world 9 hours ago
lol
FreedomAdvocate@lemmy.net.au 13 hours ago
It’s not just opening stuff to the internet, it’s opening stuff to the internet without any authentication in this case. If you don’t know how that’s bad…….
diegantobass@lemmy.world 11 hours ago
Yeah sorry I missed the part where it has no authentification whatsoever, that’s just open bar.
4am@lemmy.zip 15 hours ago
Allowing external access to your services means that any misconfiguration or bugs can be exploited to gain control of your machine(s).
Once that happens they can be fucked with, your data stolen, your resources co-opted for someone else’s use, etc. and often times it can be made to look as though whatever bad shit it’s doing is your doing.
So, understand your security posture. You can’t be too careful. Taking over weak or exposed machines is a global industry now.