How to secure Jellyfin hosted over the internet?

λλλ@programming.dev · 3 days ago

How to secure Jellyfin hosted over the internet?

sludge@lemmy.ml · edit-2 2 days ago

And since i don’t post my valid urls anywhere no web-scraper can find them

You would ah… be surprised. My urls aren’t published anywhere and I currently have 4 active decisions and over 300 alerts from crowdsec.

It’s true none of those threat actors know my valid subdomains, but that doesn’t mean they don’t know I’m there.

Gagootron@feddit.org · 2 days ago

Of course i get a bunch of scanners hitting ports 80 and 443. But if they don’t use the correct domain they all end up on an Nginx server hosting a static error page. Not much they can do there

DefederateLemmyMl@feddit.nl · 1 day ago

This is how I found out Google harvests the URLs I visit through Chrome.

Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.

zod000@lemmy.ml · edit-2 1 day ago

This is true, and is why I annoyingly have to keep robots.txt on my unpublished domains. Google does honor them for the most part, for now.

DefederateLemmyMl@feddit.nl · edit-2 1 day ago

That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”, after it had uninvitedly crawled it.

A common issue it seems.

zod000@lemmy.ml · 8 hours ago

Unsurprising, but still shitty. Par for the course for the company these days.

Nibodhika@lemmy.world · 15 hours ago

They did that with most of my subdomains