It starts with being used in a botnet. Then your data can be either erased, corrupted or encrypted against ransom.
Comment on What's the security situation when opening a jellyfin server up for casting?
diegantobass@lemmy.world 3 weeks ago
Dumb question: why does everyone is so terribly afraid of opening stuff to the internet ? What’s the scenario?
rollerbang@lemmy.world 3 weeks ago
lime@feddit.nu 3 weeks ago
i’ve set up servers with static ips in datacenter settings before. the way you know you’re online is usually that your cpu activity jumps a few percent from all the incoming ssh traffic from russia and china. i don’t want to risk anything happening to my home server.
GreenCrunch@piefed.blahaj.zone 3 weeks ago
so fun to look through the ssh log and see hundreds of attempts…
diegantobass@lemmy.world 2 weeks ago
Quick question: If I look through the ssh log and I don’t see the hundred of attempts, what could be going on?..
GreenCrunch@piefed.blahaj.zone 2 weeks ago
I am not sure lol. perhaps your ssh port isn’t exposed to the internet, or maybe the bots are just ignoring you? maybe your hosting provider has some sort of security process to reject those attempts preemptively?
I have no clue
teawrecks@sopuli.xyz 2 weeks ago
Are you not actually open to the public internet? Is it running on a nonstandard port? Is it already pwned and something is scrubbing logs?
aichan@piefed.blahaj.zone 3 weeks ago
Missconfigurations allowing bots and shit hacking you. Overblown paranoia mostly if you just take some precautions
diegantobass@lemmy.world 3 weeks ago
Okay thanks for mentionning overblown paranoia, that’s what I have.
What kind of exploitable server misconfigurations are we talking about here?? Brute forcing won’t work because fail2ban, right? I’m a noob and deep down I’m convinced that my homeserver is compromised and has beenpart of a bitcoin mining farm for years… Yet, not a single proof…
irmadlad@lemmy.world 2 weeks ago
my homeserver is compromised and has beenpart of a bitcoin mining farm for years
The very first Linux server I deployed on a VPS was hacked almost immediately because of my ignorance. The bot gained entrance, and they supplanted a miner rig. Now, on a tiny VPS, it’s pretty easy to tell if you’re running a coin miner because all of the resources will be pegged. However, I got to thinking, on a corporate server, if they did manage to do this, it would almost be undetectable until someone started reviewing logs.
Ricaz@lemmy.dbzer0.com 2 weeks ago
Corporate servers will usually have some degree of SIEM implemented, and at least audit log monitoring.
GraveyardOrbit@lemmy.zip 2 weeks ago
[deleted]diegantobass@lemmy.world 2 weeks ago
Aren’t zero day very specific? Or maybe it’s become a very generic term.
Anyway, I am under the impression that either it’s suddenly very simple to hack into EVERYONE because someone zero dayed the wireguard protocol and there a major flow in it, it’s a shitshow, for all, for some, just me or nobody, whatever. Or it’s a very targeted attack on me personaly, and that’s a whole other story and the means to protect my pictures of my cats and my cool public domain movies collection are different (think social engineering). Also port 22 being bombarded by brute force attempts so don’t choose a password that’s 6 letters thanks.
I KNOW I am missing many things, but still, I don’t get it.
LiveLM@lemmy.zip 2 weeks ago
I’m paranoid dude, I don’t need the whole judging my awful taste in TV shows!
gdog05@lemmy.world 2 weeks ago
I set up Jellyseer so my friends can request whatever. Just blame your full collection of My Little Pony and Gilmore girls on that one friend from Finland (unless you’re in Finland, and then use Greece).
irmadlad@lemmy.world 2 weeks ago
lol
Danitos@reddthat.com 2 weeks ago
The first thing I opened to the internet was a SSH server. 28 minutes after opening it, I started getting constant entry attempts.
FreedomAdvocate@lemmy.net.au 2 weeks ago
It’s not just opening stuff to the internet, it’s opening stuff to the internet without any authentication in this case. If you don’t know how that’s bad…….
diegantobass@lemmy.world 2 weeks ago
Yeah sorry I missed the part where it has no authentification whatsoever, that’s just open bar.
4am@lemmy.zip 3 weeks ago
Allowing external access to your services means that any misconfiguration or bugs can be exploited to gain control of your machine(s).
Once that happens they can be fucked with, your data stolen, your resources co-opted for someone else’s use, etc. and often times it can be made to look as though whatever bad shit it’s doing is your doing.
So, understand your security posture. You can’t be too careful. Taking over weak or exposed machines is a global industry now.
planish@sh.itjust.works 2 weeks ago
But you can, in fact, be too careful. Availability is one arm of the security triad.
If whatever complex configuration you have set up to avoid exposing something to the Internet is incompatible with something and what you wanted to do can’t be done, or if you look and see that setting all that up would be too hard and don’t bother to expose the service at all, then your security posture is incorrect because your service is just as unavailable as if someone else broke it.
Ricaz@lemmy.dbzer0.com 2 weeks ago
At the same time, taking over exposed machines has never been more difficult.