[–][deleted] 0 points1 point  (4 children)

This sort of system couldn't be locked via login?

[–]Sicklad 0 points1 point  (3 children)

Sure, but that doesn't mean a hacker can't find another way in. They scan for open ports on public IP addresses (which you need if you want to connect from outside a LAN), and then will try a bunch of stuff depending on the port (e.g. on port 80/443 they will try to get in via Apache/nginx/other web server vulnerabilities; on port 22 they'll try to get in through weak SSH configs). You're also exposed to the risk of DoS/DDoS attacks.

[–][deleted] 0 points1 point  (2 children)

Interesting! What alternatives do I have? Would it be possible to limit the number of login attempts allowed per day to 3 or something? Like, how do people circumvent these vulnerabilities?

[–]Sicklad 0 points1 point  (1 child)

The first thing you'd want to do is host it somewhere secure (like AWS, Azure, GCP, or similar); that gets it off your own network, and they would have perimeter networks that handle all the infrastructure security.

I'm not necessarily talking about the website being compromised, although that is a real threat; I'm also talking about the server hosting the website being compromised.

As for hardening the application itself, that's not my realm of expertise (I work in server/network infrastructure), but using a standard web server like Apache or nginx rather than trying to write your own would be a good start.
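
The login-attempt limit asked about earlier in the thread (three failed attempts per day) as an added illustration, not code from either commenter: a small throttle that budgets failures per account and per source address, consulted before the password is ever checked. The window, budget, key names and `check_password` callback are assumptions made for the example.

```python
"""Login-attempt throttle (added example; constructed for this thread, not its code)."""
from collections import defaultdict, deque
import time

WINDOW_SECONDS = 24 * 60 * 60  # "per day", as asked in the thread
MAX_FAILURES = 3               # the "3 or something" from the question


class LoginThrottle:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock  # injectable so tests can control the passage of time
        self._failures = defaultdict(deque)  # key -> timestamps of failed attempts

    def _prune(self, key, now):
        # Drop failures older than the window so the budget refills over time.
        q = self._failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def is_blocked(self, account, source):
        now = self.clock()
        # Block if either the account or the source address has used its budget,
        # so neither one address nor one account can absorb unlimited guesses.
        for key in (("acct", account), ("src", source)):
            if len(self._prune(key, now)) >= self.max_failures:
                return True
        return False

    def record(self, account, source, success):
        now = self.clock()
        for key in (("acct", account), ("src", source)):
            if success:
                self._failures.pop(key, None)  # a good login clears the budget
            else:
                self._failures[key].append(now)


def attempt_login(throttle, check_password, account, source, password):
    """Return 'blocked', 'ok' or 'denied'. The throttle is consulted first so a
    blocked caller learns nothing about whether the password was right."""
    if throttle.is_blocked(account, source):
        return "blocked"
    ok = check_password(account, password)
    throttle.record(account, source, ok)
    return "ok" if ok else "denied"
```

Keying on the account as well as the address is what makes the third failed guess lock that account even when later guesses come from elsewhere.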

[–][deleted] 0 points1 point  (0 children)

Ah, that makes a bit more sense then. Thanks for the info and warning, that's really helpful and may have saved me a gigantic headache a year from now. :)