JamieKitson

Security of the webgui

Recommended Posts

Would it be madness to make the webgui available publicly, or is this ok as long as you use a strong password? Do attackers have as long as they like to brute force the credentials, or is there some rate limiting and/or IP banning on failed logins implemented by BTSync?

Share this post


Link to post
Share on other sites

When we want to use PI oustide, we have to open (and forward) ports for SSH on our routers. As I know it is visible outside for others, that a port is opened here. Does it menas that more "hackers" will try get in and - finally - our internet connection will be more jammed than when we have all ports closed? Will our bandwidth get slowly?

Thanks in advance!

Share this post


Link to post
Share on other sites

@abramq In short: If you are not forwarding wide ranges of ports it is pretty much safe, the extra load is minimal.

In details: "visibility" of forwarded ports depends on where it is forwarded to and usually is checked with TCP handshake sequence. Your router plays rather passive role here, i.e. if there is no one responses from the location where forwarding points to, no one will know that port is open. The handshake itself is very lightweight, so even if you'll get scanned all the time from internet (which is very unlikely), it won't throttle your connection.

The main thing I would care about is to ensure that your PI has static IP and your DHCP server is aware of that. Otherwise, you may get your SSH port forwarded to some entity in your network that you may not want to expose.

Share this post


Link to post
Share on other sites
1 hour ago, RomanZ said:

@abramq In short: If you are not forwarding wide ranges of ports it is pretty much safe, the extra load is minimal.

In details: "visibility" of forwarded ports depends on where it is forwarded to and usually is checked with TCP handshake sequence. Your router plays rather passive role here, i.e. if there is no one responses from the location where forwarding points to, no one will know that port is open. The handshake itself is very lightweight, so even if you'll get scanned all the time from internet (which is very unlikely), it won't throttle your connection.

The main thing I would care about is to ensure that your PI has static IP and your DHCP server is aware of that. Otherwise, you may get your SSH port forwarded to some entity in your network that you may not want to expose.

Thank you, very clear now :-)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.