• db0@lemmy.dbzer0.comOPM
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Look mate, I am hosting what the lemmy devs provided. I don’t think this is particularly useful to an attacker since this is an internal url not accessible outside of the internal network and all this is plainly open in the ansible code that deploys everything. Every lemmy is setup the same way. But do feel free to raise the security concern about it since practicallyt every lemmy server has a “pictrs” DNS.

    • TheCaconym [any]@hexbear.net
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      I realize you’re probably pretty angry right now since you were getting piled on a bit and I should’ve taken that into account, sorry for calling you a nincompoop.

      But to be clear: every single information about your server matters. Security flaws that might not look exploitable can suddenly thrive due to internal information leaked by badly obfuscated hosting. It is a small issue, admittedly.

      And no, not every lemmy is set up the same way. If you’re serious about hosting an online forum that can potentially host activist-adjacent content (might not be the case ? but you do host a lot of piracy content at least), you need to think about opsec more. Starting with not just running ansible as-is to “deploy everything”.

      • db0@lemmy.dbzer0.comOPM
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        There’s not enough time in the world to do all the opsec right and I’m not skilled enough anyway. I rely on the tools provided and hope they’re sufficient. I’m sorry this is not the best answer, but I’m only one guy and I have a life as well. One can only do so much.

        • TheCaconym [any]@hexbear.net
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          That’s fair enough, but if you’re really alone I suggest trying to find volunteers among your own instance. I say that kindly, you have 11k users already, you’ll either burn out or screw up eventually.