JamieKitson Posted February 26, 2016 Report Share Posted February 26, 2016 Would it be madness to make the webgui available publicly, or is this ok as long as you use a strong password? Do attackers have as long as they like to brute force the credentials, or is there some rate limiting and/or IP banning on failed logins implemented by BTSync? Quote Link to comment Share on other sites More sharing options...
Moe Posted February 29, 2016 Report Share Posted February 29, 2016 You can use something like Fail2Ban which is a great tool or you can read this: https://danieldk.eu/Posts/2015-10-18-erp.html especially the last paragraph. Whatever suits your needs. If you are using the SSH version, your question also applies there. So make sure you use a good SSH configuration. Quote Link to comment Share on other sites More sharing options...
JamieKitson Posted March 1, 2016 Author Report Share Posted March 1, 2016 Thanks, I didn't realise it was so easy to set up an SSH tunnel. Quote Link to comment Share on other sites More sharing options...
abramq Posted March 22, 2016 Report Share Posted March 22, 2016 When we want to use PI oustide, we have to open (and forward) ports for SSH on our routers. As I know it is visible outside for others, that a port is opened here. Does it menas that more "hackers" will try get in and - finally - our internet connection will be more jammed than when we have all ports closed? Will our bandwidth get slowly? Thanks in advance! Quote Link to comment Share on other sites More sharing options...
RomanZ Posted March 23, 2016 Report Share Posted March 23, 2016 @abramq In short: If you are not forwarding wide ranges of ports it is pretty much safe, the extra load is minimal. In details: "visibility" of forwarded ports depends on where it is forwarded to and usually is checked with TCP handshake sequence. Your router plays rather passive role here, i.e. if there is no one responses from the location where forwarding points to, no one will know that port is open. The handshake itself is very lightweight, so even if you'll get scanned all the time from internet (which is very unlikely), it won't throttle your connection. The main thing I would care about is to ensure that your PI has static IP and your DHCP server is aware of that. Otherwise, you may get your SSH port forwarded to some entity in your network that you may not want to expose. Quote Link to comment Share on other sites More sharing options...
JamieKitson Posted March 23, 2016 Author Report Share Posted March 23, 2016 What's "PI"? Quote Link to comment Share on other sites More sharing options...
abramq Posted March 23, 2016 Report Share Posted March 23, 2016 3 minutes ago, JamieKitson said: What's "PI"? https://www.raspberrypi.org/ Quote Link to comment Share on other sites More sharing options...
abramq Posted March 23, 2016 Report Share Posted March 23, 2016 1 hour ago, RomanZ said: @abramq In short: If you are not forwarding wide ranges of ports it is pretty much safe, the extra load is minimal. In details: "visibility" of forwarded ports depends on where it is forwarded to and usually is checked with TCP handshake sequence. Your router plays rather passive role here, i.e. if there is no one responses from the location where forwarding points to, no one will know that port is open. The handshake itself is very lightweight, so even if you'll get scanned all the time from internet (which is very unlikely), it won't throttle your connection. The main thing I would care about is to ensure that your PI has static IP and your DHCP server is aware of that. Otherwise, you may get your SSH port forwarded to some entity in your network that you may not want to expose. Thank you, very clear now :-) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.