by SoftTalker 407 days ago
Among the common vulnerabilities listed:

> Outdated Wordpress plugins and CMS systems

No surprise, having worked in edu the following scenario was very common:

1) Researcher gets a grant for a project

2) Grad student sets up a Drupal site for the project

3) Things are maintained and updated for a couple of years

4) Grant runs out, project wraps up, student graduates, everyone forgets about the server which sits unattended and unmaintained.

Still happens, but most universities have really clamped down on the ability to just stand up a web server on the network. Many are requiring everything to be on a centrally managed enterprise CMS, which is a PITA, but that's the fallout for too much sloppy administration.


At my old university ~15 years ago, all IPs of all computers were public IPv4 addresses. Any computer plugged in to any ethernet port on campus was given such a "quasi-static" IP address. All normal ports were open - ssh, http(s), you name it. It was the OG zero trust architecture.
Ah the good old days of putting my head down at my desk lulled into a nap by the once-a-second sounds of ssh login attempt logs being written to the spinning rust drive...
> At my old university ~15 years ago, all IPs of all computers were public IPv4 addresses. Any computer plugged in to any ethernet port on campus was given such a "quasi-static" IP address.

Well that's fine; my school did the same thing and other than feeling wasteful there was no-

> All normal ports were open - ssh, http(s), you name it. It was the OG zero trust architecture.

Oh. Yeah, open ports by default is... an interesting life choice.

When you're living in the residences and there's a DC++ server running, it's pretty sweet. Ours had a whole 1.5TB of stuff on it!
Was this RIT by any chance?
This just got cancelled at my institution. I could have retained it if I argued strongly enough.
My university does the same, except they understand the concept of "firewalls"
I used to have the public IP address of the computer in my dorm room memorized. It's been 20 years, and I still remember it started with 128.211.
Only computers?

At my old university even printers had public IP addresses.

I loved that era and it was hugely educational to me, but I can understand why it had to end.
How am I going to work from home if my computer at university is not reachable?
MIT and their /8?
The low friction solution is to serve public_html from a home dir and direct users to generate static sites.
Yep, I remember having ssh access to production servers from a non-work machine at a well known university.

We could also get external IPs and connectivity without much supervision. Core security needs to be prioritized to prevent this from happening.