GNU social JP
GNU social JP is a Japanese GNU social server.
    feld (feld@bikeshed.party)'s status on Sunday, 16-Jul-2023 08:37:21 JST
    in reply to
    • Alex Gleason
    • feld
    • ​🇧​​🇷​​🇴​​🇳​​🇿​​🇪​​🇦​​🇬​​🇪​​🇭​​🇴​​🇬​​🇨​​🇷​​🇦​​🇳​​🇰​​🇪​​🇷​
    A nice trick we used to do was to configure the firewall to disallow the user running the webserver (e.g., apache) from being able to send outbound traffic.

    It still works fine as a webserver, as it's not initiating the connection. But if someone finds a vulnerability and hacks the server, their attack can't make any network requests outbound to establish comms with the C&C server, download payloads, etc.

    You can still do that today but web stacks are getting complex and even the webserver may be making network requests to the open internet. Though if it was only to specific APIs you could allow that too...
    In conversation, Sunday, 16-Jul-2023 08:37:21 JST, from bikeshed.party
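
The egress block described in the post above, as an added example that is not part of the original post: a shell function that prints `iptables-restore` input refusing new outbound connections from the web server's account, with an optional allowlist for specific API addresses. It assumes Linux with the iptables `owner` and `conntrack` matches; the function name, the log prefix, the account `www-data` and the 192.0.2.x address are constructed for illustration.

```shell
# Added example. Usage (as root):
#   gen_web_egress_rules www-data 192.0.2.10 | iptables-restore --noflush
gen_web_egress_rules() {
    web_user=${1:-}
    [ $# -gt 0 ] && shift
    # Only plain account names; anything else could smuggle extra rule options.
    case $web_user in
        ''|*[!a-z0-9_-]*) echo "invalid user: $web_user" >&2; return 1 ;;
    esac
    # Allowlist entries must be dotted-quad IPv4, optionally with a /prefix.
    for dst in "$@"; do
        printf '%s\n' "$dst" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' ||
            { echo "invalid address: $dst" >&2; return 1; }
    done
    own="-m owner --uid-owner $web_user"
    echo "*filter"
    # Local services (database on loopback, local resolver) stay reachable.
    echo "-A OUTPUT -o lo $own -j ACCEPT"
    # Replies on connections that clients opened to the web server.
    echo "-A OUTPUT $own -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Optional allowlist: the named API endpoints, HTTPS only.
    for dst in "$@"; do
        echo "-A OUTPUT -d $dst -p tcp --dport 443 $own -j ACCEPT"
    done
    # Anything else this account originates is logged, then refused.
    echo "-A OUTPUT $own -j LOG --log-prefix \"web-egress-drop: \""
    echo "-A OUTPUT $own -j REJECT"
    echo "COMMIT"
}
```

These rules cover IPv4 only; the same restriction has to be loaded through `ip6tables-restore` or the account can still connect out over IPv6. The `web-egress-drop:` lines in the kernel log are also a detection signal, since a web server that normally makes no outbound requests should never produce them.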
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.