I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.

@lutoma You should maybe open this a bit more. First of all, all affected services are run by manual installs, not docker images. Did some testing on known docker servers and all are only reporting HTTP/HTTPS, SSH and Docker ports open. Second: Sure, the server has password auth, but do you know if they have any other security measures in place after that? They could have a two-way auth or something else waiting after that.
@JantsoP I agree that in and of itself, most of these things aren't critical issues. But most of these look like typical mistakes made by inexperienced admins, which doesn't exactly instill confidence in other parts of the setup that aren't as easily publicly visible (but potentially more relevant for security).
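A self-check an admin can run on their own Mastodon host for the exposure discussed in this thread, added here as an example and not code from the thread: it parses `ss -ltn` output and flags listeners bound to non-loopback addresses on ports other than SSH/HTTP/HTTPS (the baseline JantsoP reports for docker installs). The port-to-service mapping for Mastodon's components is an assumption based on typical defaults, and the sample output is constructed.

```python
import ipaddress

# Ports a Mastodon host is expected to expose to the Internet (SSH, HTTP, HTTPS).
EXPECTED_PUBLIC_PORTS = {22, 80, 443}

# Mastodon backend ports that should stay on loopback (assumed typical defaults).
KNOWN_INTERNAL = {3000: "mastodon-web", 4000: "mastodon-streaming",
                  5432: "postgresql", 6379: "redis", 9200: "elasticsearch"}

WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}


def is_public_bind(host: str) -> bool:
    """True if a bind address is reachable from beyond the host itself."""
    if host in WILDCARD_BINDS:
        return True
    try:
        return not ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # unparsable (e.g. scoped link-local): not flagged


def find_exposed(ss_output: str) -> list:
    """Parse `ss -ltn` output; return (port, bind, service) for unexpected public listeners."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or non-listening socket
        host, _, port = fields[3].rpartition(":")  # handles [::]:443 and *:5432
        port = int(port)
        if is_public_bind(host) and port not in EXPECTED_PUBLIC_PORTS:
            exposed.append((port, host, KNOWN_INTERNAL.get(port, "unknown")))
    return sorted(exposed)


# Constructed sample resembling `ss -ltn` on a misconfigured manual install.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
LISTEN 0      4096   *:5432             *:*
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    0.0.0.0:4000       0.0.0.0:*
"""

if __name__ == "__main__":
    for port, host, service in find_exposed(SAMPLE):
        print(f"port {port} bound to {host}: {service}")
```

On a live host, pipe in `ss -ltn` and fix anything flagged by binding the service to 127.0.0.1 or restricting it with the host firewall.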