this post was submitted on 02 Nov 2024
305 points (98.1% liked)

Technology

59086 readers
3485 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
305
Thousands of hacked TP-Link routers used in years-long account takeover attacks (arstechnica.com)
submitted 2 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
61 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pandapoo@sh.itjust.works 11 points 2 days ago (1 children)

They are frequently targeted because they offer enterprise grade configurations at consumer prices.

Which means, there's a lot that can be misconfigured, and a lot of short staffed and under budgeted IT departments that deploy them, which means they are a good payoff when exploited.

That's the bad part, and the good part.

You really cannot beat their price point to value for professional grade networking equipment. Just take the time to understand what you're doing when doing your configurations, and keep them updated.

[–] bane_killgrind@slrpnk.net 6 points 2 days ago (1 children)

Very little is changing over time... I have a proliant salvage server running proxmox with some hosts and the router only port forwards to an NGINX proxy manager instance for the web interfaces on those hosts. I run a synology NAS separate from the proliant hardware that runs through the proxy.

I know I don't understand it all, and i'm open to suggestions.

[–] pandapoo@sh.itjust.works 3 points 2 days ago* (last edited 2 days ago) (1 children)

Did you mean to send that reply to me?

I ask because I'm not quite sure what specific suggestions you're looking for.

But in general, I would suggest not exposing port forwarding.

What services are running behind NGINX? What router/firewall are you using?

[–] bane_killgrind@slrpnk.net 2 points 2 days ago

Yes, I attribute security significant misconfigurations to a lag between new service deployments and a relevant review by network security (in a business environment. At home it's just me.)

So I'm running Milestone VMS, Synology NAS and maybe in a day a minecraft server for the kids, which should all be available outside my home. I'm using the mikrotik HexPOE which is my main router/firewall.