Publish SNO Dashboard on Internet

Hello,

I have an external dedicated root server. Do you think it is a security issue to publish the SNO Dashboard to the world wide web?

1 Like

It would be fine if you put a reverse proxy with authentication and TLS in front of it (nginx, for example).

I am able to set up an nginx reverse proxy server with SSL. Below is the configuration with a subdomain.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name storj.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    
    location / {
       

        resolver 127.0.0.11 valid=30s;
        set $upstream_app storagenode;
        set $upstream_port 14002;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Connection "";
        
    }

I used the docker image "linuxserver/letsencrypt" to set up nginx with SSL.

1 Like
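
The earlier reply asks for authentication as well as TLS, and the configuration posted above terminates TLS but lets any visitor through to the dashboard. The following is an added example, not the poster's file or Storj's own configuration: the same proxy with HTTP basic authentication and request throttling. The `.htpasswd` path and the `sno_dash` zone name are assumptions; the upstream name, port and `ssl.conf` include are taken from the post.

```nginx
# Added example. Assumes this file is included inside the http {} block and
# that /config/nginx/.htpasswd exists (hypothetical path), created with:
#   htpasswd -c /config/nginx/.htpasswd <user>

# Throttle requests per client IP to slow down password guessing.
limit_req_zone $binary_remote_addr zone=sno_dash:10m rate=5r/s;

# Plain HTTP only redirects, so credentials are never sent unencrypted.
server {
    listen 80;
    listen [::]:80;
    server_name storj.*;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name storj.*;

    include /config/nginx/ssl.conf;

    location / {
        # The missing piece: without these two directives anyone who finds
        # the hostname reaches the dashboard and its API.
        auth_basic "SNO dashboard";
        auth_basic_user_file /config/nginx/.htpasswd;

        limit_req zone=sno_dash burst=20 nodelay;

        resolver 127.0.0.11 valid=30s;
        set $upstream_app storagenode;
        set $upstream_port 14002;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Do not forward the proxy's credentials to the dashboard.
        proxy_set_header Authorization "";
    }
}
```

The proxy only protects the dashboard if port 14002 of the storagenode container is not also published on a public host interface; otherwise requests can bypass nginx entirely.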

Most websites on the Internet are public, have no authentication, and are not a security risk.
So, no need for paranoia.

my dashboard:
http://slavikca.myds.me:14005/

Most websites on the internet don’t give access to your own personal devices hosted in your own personal network…

WOW…

Why is your “own personal device” more valuable than a powerful server in the data center (where public sites are hosted)?

Why is your “own personal network” more valuable than the much faster network where most other public sites are hosted? And by the way, your personal network is not accessible through the dashboard.

It’s not about valuable, it’s about vulnerable. Datacenters pay lots of money and have entire teams of people dedicated to keeping everything secure. I’m guessing you don’t for your home setup.

Yes, it’s possible to know what you’re doing and do what needs to be done to secure things, but your callous attitude towards security suggests you probably shouldn’t be opening any ports into your own network before you do some research on how vulnerabilities in web servers can be used to infiltrate your system and your network.

And it doesn’t matter that you’re not an interesting target. These days most attacks are automated and take over whatever they come across.

Of course you’re free to do whatever you want, but I think you can understand why considering this, storj tells people to not open their stuff up to the public internet.

1 Like

Wow, you really don’t know the dangers of putting yourself out in the public. You know there are hackers everywhere. You are publicly allowing direct access to your network when you open it up like this. Everything on the internet is constantly being scanned. You never wanna open anything publicly with your own network. You’re not even attempting to make yourself secure at all, just open http. Why not just hand over your credit card info and your address to everyone?

Hm, you are saying that I have a “callous attitude” simply because I opened the dashboard port.

But every SNO has to open storJ port 28765 to become part of the network.

So, why is it that opening the storJ port is not a “callous attitude”? Why is only the dashboard port so dangerous?

ok, you have my link to my open port above.

I challenge you to get any of my protected info behind my network perimeter, and I’ll give you all my storJ wallet funds.

Note: I have plenty of info openly published. That doesn’t count. Find something that is private. Like any of my passwords,
Or publish anything TO MY NETWORK,
Or access any of my computer fileshares.

I know that there are hackers out there. That’s not a reason to be paranoid and spend hours configuring a VPN just to access the dashboard.

1 Like

Have you ever run an unsecured website/server before? My hacking days are over; I have no interest in taking anyone’s info or money. I’m only here to tell you the facts: what you’re doing isn’t the way to do it. You’re opening up an unsecured website to the public that can pull API data from your node at any time. There’s a long list of ways people can get access through this, but I’m not going to go through them here. The difference between the node’s port and the webserver port is that the node’s port is secured.

One: your privacy is of #1 importance. You can do anything you wanna do; we can only give you the best information on how to handle it. Datacenters have secured servers with a lot of security in place and even those get hacked. If you look at any news of VPNs getting hacked through datacenters, it only needs 1 entrance for someone to get access, and if they know how to take advantage of it they will.

You can either listen to people who have experience or you can just do what you wanna do and take a huge chance.

I’m saying you have a callous attitude because you’re implying there is no difference to hosting something on your own network at home vs a highly secure data center. You’re even extremely callous in your response by openly challenging hackers, but that again suggests you’re not defending against today’s world. I would say it’s probably pretty unlikely a human hacker would target you. And if a decent hacker does want to target you, you’d probably be toast. Most of us would be. You want to find out? Hire a pen-tester, I’m not qualified to do that and I wouldn’t do that without a signed contract anyway, as there are legal issues to contend with. Even though your open challenge probably weakened your legal position as well.

Have a listen to the “security now” podcast if you want to get some idea of the dangers. Today, you’re looking to protect yourself against automated exploit kits, which combine all known software vulnerabilities to automatically take over devices and adopt them into a botnet. Those devices will then become part of the network that spreads it and whatever the owner wants to do with them. If you’re lucky, they’ll just mine some monero coins using your resources or use your device in DDoS attacks. If you’re unlucky, they will encrypt all your data and ask for a ransom to get it back. If you have any compromising data on there, they may hold it and blackmail you. Or they may simply pretend they have it. Problem is, you won’t know which it is. So, will you pay up if they show you they have all your photos and threaten to publish them?

All of this can be done without anyone ever targeting you specifically. It doesn’t matter that nobody is out to get you.

There is a reason good security practices exist. So only open what you need to the public. A tightly controlled protocol like storj is less dangerous than more complex things like web servers that use a lot of stacked third party software. More code means more chances of compromising mistakes in the code. Not up to date on one piece of software and you can be toast. So the less you expose the less chance there is that happens.

I’m obviously not going to change your mind, so this response isn’t even for you anymore. It’s for anyone who passes by and thinks there is no need to follow proper security guidelines because of what you said. You’re just wrong. And I’m fine with you compromising yourself after all these warnings, but I’m not ok with you compromising others by extension by saying it doesn’t matter.

5 Likes