by whybotherwith
1818 days ago
>In NewsBlur’s case, because NewsBlur is a home of free speech, allowing users in countries with censored news outlets to bypass restrictions and get access to the world at large, the continuing risk of supporting anonymous Internet traffic is worth the cost.

This, the backups, the write-up, all make it really hard for me to want to victim-blame the dev for not catching a very silly Docker default. That having been said:
- public ip?
- no fw?
- no password on the mongod instance? Idk, couldn't be me, not even in dev, just take the 20 seconds to plumb the pw to both sides. Modding me down won't change these facts and won't keep you from being compromised if you take the same lazy steps.

That said, some external firewall would prevent this. My VPS provider allows me to configure which ports I want to expose to the outside world, which would mitigate this kind of issue.