• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • ๐Ÿ˜Œ This community is user driven. Be polite with other users.
    • ๐Ÿ‘‰ Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • ๐Ÿ’ธ Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Exposing external storage server IPs

themago

Chevereto Member

Can you "kindly" stop responding like a pajeet and fix this major security flaw? fucking clown
 
How is this a security flaw? you can find ip of any website easily, extarnal storage or not, domains resolve to ip addresses.
 
Chill and come back with a friendly apology.

By the way, if you care to not expose IPs then use local hostname overrides in your host machine. That's works universally in every application/software, if you care about that thing then that's what you use.
 
I can see that the issue he is pointed out can be fixed. Because it is exposing the IP on the front end. Incase if the SFTP is down and when a user trying to upload it is showing the IP of the server in the front end. I can see this from the screenshot.

Instead, we can just say that, there is some error in the upload without revealing more information about the host details.
 
I can see that the issue he is pointed out can be fixed. Because it is exposing the IP on the front end. Incase if the SFTP is down and when a user trying to upload it is showing the IP of the server in the front end. I can see this from the screenshot.

Instead, we can just say that, there is some error in the upload without revealing more information about the host details.
still makes no sense, since ip is still exposed through it's url path if he has that set or you can just ping the subdomain or domain going to it and get ip anyway.

Still this isn't a security flaw.
 
still makes no sense, since ip is still exposed through it's url path if he has that set or you can just ping the subdomain or domain going to it and get ip anyway.

Still this isn't a security flaw.

You cannot find the IP if you use CloudFlare. So exposing the IP on the front end is the security flaw.
 
You cannot find the IP if you use CloudFlare. So exposing the IP on the front end is the security flaw.
that depends some hosts cannot use cloudflare between. Then script fails to upload. Still it isn't a security flaw, to expose ip. Since ip is public thing anyway and can be found anyway in some way.
 
nope, it cannot be found in any way if you know how to hide it. I can hide the IP through the domain name, but if the script knows the IP, then it should not expose.

I am not going to argue anymore as you are not aware of what we are speaking.
 
  • Like
Reactions: rdn
https://www.shodan.io/ exposed my ip and my site is on cloudflare, why does it matter? my site is on 2 different VPS servers and both have over 1k login attemps blocked by fail2ban every day, hidden or not your server ip is out there.
 
https://www.shodan.io/ exposed my ip and my site is on cloudflare, why does it matter? my site is on 2 different VPS servers and both have over 1k login attemps blocked by fail2ban every day, hidden or not your server ip is out there.
Yes. You failed at certain practices that reveal your IP.

as @rdn said, all my CF site IP are also not exposed. Let me make you understand how they got your IP.

There are bots which will scan all the IP all over the world and reverse DNS it. And that is how they end up finding the IP to domain relationship and show it for you when you check for domain to IP.

Revealing your IP bring you more threats than not revealing it.

You are more vulnerable to hacks, DDoS and many other threats. Even through they are ways to prevent even after exposing it. For general users it is not safe.

that is why we few people who know things claiming that revealing the IP is security flaw.
 
Back
Top