• 0 Posts
  • 212 Comments
Joined 2 years ago
cake
Cake day: June 9th, 2023

help-circle





  • Those attacks you see are mostly (close to 100%) harmless bots, scripts. Yes they are trying default passwords and exploits that got patched years ago.

    If you do not use default credentials and do run up to date software there is nothing to worry about.

    Even brute force attacks are rare.

    This is just “noise” so to speak.

    If you are scared by this, you should reconsider hosting something on the internet. Yes things like fail2ban can help but only if they knock on your server multiple times and mostly only to keep your logs clean.




  • Because in the local/private network are many hosts, like your phone, pc and your server. Exposing means that the device that is exposed gets basically everything forwarded what usually the router would handle. Exposing does expose a host to the WAN.

    Forwarding a Port only forwards the specified ports. You can use multiple hosts for that. For example you can port forward port 80 to your Phone to port 321 or whatever and port 443 to your server at port 20.




  • NOTE: Scrutiny is a Work-in-Progress and still has some rough edges.

    Honestly, at this point i would not recommend the usage of scrutiny, the development was almost ways really slow and the creater does not seem to have kuch interest in the project. There are still standing issues and imho important features missing.

    I would look into prometheus+grafana or something of that sort.




  • That’s simply bad software practice, which was fixed once pointed out. Fact is that if they had done this on purpose, they wouldn’t have changed it and instead, would’ve came up with an excuse to keep it the same way.

    This is not correct. While they have removed it from being installed on newer installs/updates, the certificate remains on the system that ran the corresponding version installer/upgrade unless it will be manually removed by the few percent that got the news.



  • ShortN0te@lemmy.mltoLinux@lemmy.mlRustdesk alternative?
    link
    fedilink
    arrow-up
    5
    arrow-down
    7
    ·
    1 month ago

    It could install software that transmits the data some time else. Basically something virus would do. The code can be hidden somewhere or loaded from somewhere with simple code.

    Those are basic tactics used for years by malware. If just simply monitoring would be enough to protect against malware then we would have way less problems.

    You should never run untrusted code or code by untrusted ppl.



  • ShortN0te@lemmy.mltoLinux@lemmy.mlRustdesk alternative?
    link
    fedilink
    arrow-up
    12
    arrow-down
    2
    ·
    1 month ago

    The installer has included a root certificate before that gets installed without asking. Also there are some code blobs in the code iirc.

    Also how they handled the initial wayland “support”.

    It is relatively easy to smuggle in backdoors if you are the maintainer of the code and afaik there was not even an independent audit.

    Saying it is fine just because of it being OS is really naive.