Comment on Help getting started with self hosting Jellyfin via NAS?
illusionist@lemmy.zip 1 day ago
An open port is a door to the service. The service needs a vulnerability and then an attacker can abuse that. Oftentimes multiple vulnerabilities are used in an attack. Attacks can become public years after they were found. Just because nothing is public doesn’t mean that it’s there. What can an attacker gain if he enters your server?
app.opencve.io/cve/?product=jellyfin&vendor=jelly…
If you want to know what happens to people who opened their ports in the past, look in the lemmy and reddit selfhosted subs for the posts about it. I am not aware of a single post in the last x years about someome complaining that his jellyfin media library was encrypted and she shall pay a sum x for the encryption keys.
ampersandrew@lemmy.world 1 day ago
So then if I’m evaluating a worst case for what I plan to use this NAS for, it would be that an attacker gains access to movies that I have on my shelf, CDs that I have on my shelf, books that I’d have the right to redownload as long as the place I bought them from is still in business, and my own save files for DRM-free video games that Heroic Games Launcher currently tells me not to rely on them for syncing back to GOG.com. At which point, if some attacker found a vulnerability and locked my NAS from me, they’d have caused me an annoyance in that I’d have to reformat those drives and re-rip that media. With no sensitive information intended to be on this thing, it seems pretty low risk, right?
illusionist@lemmy.zip 1 day ago
That’s one risk. Someone could use it for a bot net or other attacks. Or he could try to escape the device and hack into other devices on the LAN. But also, it depends on the reward that a hacker can get. Is the expected reward worth the work to hack into your server?
ampersandrew@lemmy.world 1 day ago
You’re a stranger on the internet. Even if I was so petty as to blame you, I’d have a hard time tracking you down, haha.
illusionist@lemmy.zip 1 day ago
Backup and yolo 😎