Find a way to warn users about publicly accessible systems #564
Comments
|
How ruTorrent checks if a port is open: https://github.com/Novik/ruTorrent/blob/master/plugins/check_port/action.php#L10 |
|
I was thinking the same, I came across that site and another that have an API that we could potentially use. |
|
I prefer a solution that doesn't involve a site somewhere. |
|
Atm I'm inclined to limit to local subnet if auth is disabled. zoggy also suggested adding robots.txt to avoid google. @markus101 Sounds good? |
|
Where does that put us for VPS based hosting? We don't have an easy way to enable auth via the config file. Robots.txt is a great idea. |
|
Vps has public ip. So we can keep that open and generate a big fat healthcheck error. |
|
With auth being required (or at least default on) in v4 should eliminate the need for this in most cases, |
It's not going to be easy to handle this properly.
One option is to prevent calls from subnets other than the adapter subnet. But that makes installing on vps more difficult coz you would have to dive into a config file.
Best option is to add a healthcheck to warn about public accessible installs, but it may not be easy to reliably detect it. uPnP might help detect port mappings, but that's not always available.
I also don't want to use our services to check for a public accessible port.
The text was updated successfully, but these errors were encountered: