• Chevereto Support

    Support response

    • πŸ“… Tech Support and Bug Tracking are handled from 14 to 17 CLST. No weekend support. Response time within 14 days.
    • πŸ₯ Community Help is open 24/7 and is entirely user driven. Ask nicely and be polite with other users.
    • 🀴 Extra Support is delivered within 12 hours (average 6 hours).

    Support checklist

    • βœ… Confirm that your server meets the System Requirements
    • πŸ”₯ Check for any available Hotfix - your issue could be already reported/fixed
    • πŸ“š Read documentation - It will be required to Debug and understand Errors for a faster support response

    Requesting help

    • πŸ›Ž Open a Ticket if you need software support or assistance
    • 🐞 Open a Bug if you found something to report
    • πŸ‘‘ Purchase Extra Support to get direct priority email communication and assitance with the developer.

Exposing external storage server IPs

themago

Chevereto Member

Can you "kindly" stop responding like a pajeet and fix this major security flaw? fucking clown
 

HenrysCat

πŸ’– Chevereto Fan
How is this a security flaw? you can find ip of any website easily, extarnal storage or not, domains resolve to ip addresses.
 

Rodolfo

⭐ Chevereto Godlike
Chevereto Staff
Administrator
Chill and come back with a friendly apology.

By the way, if you care to not expose IPs then use local hostname overrides in your host machine. That's works universally in every application/software, if you care about that thing then that's what you use.
 

siddharth

πŸ’– Chevereto Fan
I can see that the issue he is pointed out can be fixed. Because it is exposing the IP on the front end. Incase if the SFTP is down and when a user trying to upload it is showing the IP of the server in the front end. I can see this from the screenshot.

Instead, we can just say that, there is some error in the upload without revealing more information about the host details.
 

JakeSully

πŸ’– Chevereto Fan
Beta tester
I can see that the issue he is pointed out can be fixed. Because it is exposing the IP on the front end. Incase if the SFTP is down and when a user trying to upload it is showing the IP of the server in the front end. I can see this from the screenshot.

Instead, we can just say that, there is some error in the upload without revealing more information about the host details.
still makes no sense, since ip is still exposed through it's url path if he has that set or you can just ping the subdomain or domain going to it and get ip anyway.

Still this isn't a security flaw.
 

siddharth

πŸ’– Chevereto Fan
still makes no sense, since ip is still exposed through it's url path if he has that set or you can just ping the subdomain or domain going to it and get ip anyway.

Still this isn't a security flaw.

You cannot find the IP if you use CloudFlare. So exposing the IP on the front end is the security flaw.
 

JakeSully

πŸ’– Chevereto Fan
Beta tester
You cannot find the IP if you use CloudFlare. So exposing the IP on the front end is the security flaw.
that depends some hosts cannot use cloudflare between. Then script fails to upload. Still it isn't a security flaw, to expose ip. Since ip is public thing anyway and can be found anyway in some way.
 

siddharth

πŸ’– Chevereto Fan
nope, it cannot be found in any way if you know how to hide it. I can hide the IP through the domain name, but if the script knows the IP, then it should not expose.

I am not going to argue anymore as you are not aware of what we are speaking.
 
  • Like
Reactions: rdn

HenrysCat

πŸ’– Chevereto Fan
https://www.shodan.io/ exposed my ip and my site is on cloudflare, why does it matter? my site is on 2 different VPS servers and both have over 1k login attemps blocked by fail2ban every day, hidden or not your server ip is out there.
 

siddharth

πŸ’– Chevereto Fan
https://www.shodan.io/ exposed my ip and my site is on cloudflare, why does it matter? my site is on 2 different VPS servers and both have over 1k login attemps blocked by fail2ban every day, hidden or not your server ip is out there.
Yes. You failed at certain practices that reveal your IP.

as @rdn said, all my CF site IP are also not exposed. Let me make you understand how they got your IP.

There are bots which will scan all the IP all over the world and reverse DNS it. And that is how they end up finding the IP to domain relationship and show it for you when you check for domain to IP.

Revealing your IP bring you more threats than not revealing it.

You are more vulnerable to hacks, DDoS and many other threats. Even through they are ways to prevent even after exposing it. For general users it is not safe.

that is why we few people who know things claiming that revealing the IP is security flaw.
 
Top