Lukas MartiniApr 11, 2017

I just went around and did some basic nmap-ing on the most popular Mastodon instances, and there's some seriously sketchy stuff in there. Publicly reachable Postgres servers, tons of open internal HTTP ports, SSH with password login, multiple Mastodon instances that seem to be running on mail server VMs, …

I guess if you're just running a single-user instance for yourself, sure, but those are all 2000+ user instances.

Show threadkaiyou
@lutoma That's pretty cool if you are doing it legally. Next step would be alerting the admin contact about the most obvious mistakes.
Apr 11, 2017 at 7:20pmWeb
Show threadLukas MartiniApr 11, 2017
@kaiyou Yes, I plan to talk to each admin as soon as I have time to do so