> On Jun 30, 2024, at 05:42, Reindl Harald <h.rei...@thelounge.net> wrote: > > > >> Am 30.06.24 um 06:39 schrieb MediaMouth: >> I'm not so sure that open ports are as intrinsically insecure as one might >> worry. We set up NodeJS web & API servers frequently -- very simple, very >> clear in reporting all traffic. You do see the constant attempts by bad >> actors, but you can code the servers to not respond to all traffic except >> those that are permitted by your API terms, and accompanied by a verified >> token. Been doing this over a decade with no hacks afaik. > > or you just don't know :-)
Yup. Exactly. From what I can tell on a machine with an open port 443 and a node server reports all traffic and attempts to access that port, and I do see a lot of nefarious attempts by bots -- mostly looking for wordpress vulnerabilities (non installed), php files (there's no php server on this machine) and this goes on endlessly. The server reads incoming requests character for character, method, header and body, and rejects all but a few requests. So presumably not much can happen, but yeah, I nonetheless wonder if a skilled hacker with a lower level understanding than I can nonetheless get in without my knowledge. I would think that if any open port could be hacked no matter what, the internet writ large would quickly be rendered useless Curious your insights > "you can code the servers to not respond to all traffic except those that are > permitted by your API terms" is pure nonsense in context of security bugs > _______________________________________________ > ffmpeg-user mailing list > ffmpeg-user@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-user > > To unsubscribe, visit link above, or email > ffmpeg-user-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-user mailing list ffmpeg-user@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-user To unsubscribe, visit link above, or email ffmpeg-user-requ...@ffmpeg.org with subject "unsubscribe".
