Help me harden my home server
https://lemmy.sdf.org/post/24652924
=> More informations about this toot | More toots from miau@lemmy.sdf.org
Does anyone have an actual horror story about anything happening via an exposed web service? Let’s set aside SSH.
=> More informations about this toot | More toots from slug@lemmy.world
Yeah, a company got toasted because one of their admins was running Plex and had Tautulli installed and opened to the outside, figuring it was read-only and safe.
Zero-day bug in tat exposed his Plex token. They then used another vulnerability in Plex to remote code execute. He was self-hosting a GitHub copy of all the company’s code.
=> More informations about this toot | More toots from linearchaos@lemmy.world
Last time they’ll ever do that! Pass the buck of hosting web-facing Plex servers onto somebody else.
=> More informations about this toot | More toots from conorab@lemmy.conorab.com
This guy was running a three-year-old version of Plex with a known (and later fixed) RCE, and was working for LastPass.
=> More informations about this toot | More toots from mint_tamas@lemmy.world