anticonformist | 5 years ago

The author seems to have missed the true root cause here, which was exposing VNC and NoMachine to the internet in the first place. These services should have been accessed through ssh port forwarding (or using a VPN). Password auth should always be disabled on ssh and keys should be used.

Very few daemons are secure enough to expose to the open internet. OpenSSH is one of the few.

(And, if possible, even network access to ssh should be blocked by the cloud provider's firewall. Access should only be permitted from the user's public IP)
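A defender-side check for the setup recommended in the comment above, as an added example that is not part of the thread: it flags VNC or NoMachine listeners bound to anything other than loopback in `ss -tln` output, and reports whether `sshd -T` output still allows password authentication. The port numbers (VNC 5900-5999, NoMachine 4000) are assumed defaults and the sample inputs are constructed.

```python
import ipaddress

# Assumed default ports: VNC displays on 5900-5999, NoMachine NX on 4000.
REMOTE_DESKTOP_PORTS = {p: "VNC" for p in range(5900, 6000)}
REMOTE_DESKTOP_PORTS[4000] = "NoMachine"

def exposed_listeners(ss_output):
    """Return (service, address, port) for remote-desktop listeners not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")  # IPv6 addresses are printed as [::1]:5901
        if not port.isdigit() or int(port) not in REMOTE_DESKTOP_PORTS:
            continue
        # "*", 0.0.0.0 and :: mean every interface, so they count as exposed.
        loopback = addr != "*" and ipaddress.ip_address(addr.split("%")[0]).is_loopback
        if not loopback:
            findings.append((REMOTE_DESKTOP_PORTS[int(port)], addr, int(port)))
    return findings

def password_auth_enabled(sshd_t_output):
    """True if the effective sshd config (from `sshd -T`) permits password logins."""
    for line in sshd_t_output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "passwordauthentication":
            return parts[1].strip().lower() != "no"
    return True  # OpenSSH's default when the option is not set

# Constructed sample inputs, not taken from any real host.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*
LISTEN 0      128    *:4000             *:*
LISTEN 0      5      [::1]:5903         [::]:*
"""
SAMPLE_SSHD_T = "port 22\npubkeyauthentication yes\npasswordauthentication yes\n"

if __name__ == "__main__":
    for service, addr, port in exposed_listeners(SAMPLE_SS):
        print(f"{service} listening on {addr}:{port}; bind to 127.0.0.1 and tunnel over ssh")
    if password_auth_enabled(SAMPLE_SSHD_T):
        print("sshd allows password auth; set PasswordAuthentication no and use keys")
```

A listener bound to 127.0.0.1 is still reachable by the user through `ssh -L 5902:127.0.0.1:5902 host`, which is why loopback binds are not flagged.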

russellbeattie | 5 years ago

LOL, I was wondering how long it would be before someone commented, ignoring the entire first part of his post and blaming the victim. Not that long, it turns out!

As I was wading through paragraph after paragraph where the author acknowledged fault and berated himself for it, I was thinking, "This is annoying, but I know if he doesn't write all this crap, someone out there will just ignore everything else he writes. They probably will anyways..."

And sure enough, here you are!

Moral of this story for people who write things online: Don't worry about the critics. You can't please them no matter what you write, or how much you bow and scrape and beg forgiveness for your human frailty up front, there will always be someone who will be a jerk.