Lukas MartiniApr 11, 2017

I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.

Show threadIan Littman
@lutoma A user friendly tool you could run on (an/your own) instance, even if it's just a bash script in a Gist, may help with this. Wonder whether the default Docker setup is secure.
Apr 11, 2017 at 5:43pmWeb