[mythtv-users] (no subject)
Jacob Steenhagen
jacob at steenhagen.us
Tue Oct 3 20:49:11 UTC 2006
> Don't the spiders just follow links? Someone posted urls Google
> had found for MythWeb installations running on non-standard ports,
> but how do you suppose Google found them? It's probably because
> people put MythWeb on a non-standard port and then put a convenient
> link to the non-standard port from their server's normal pages.
That's one very real possibility. They could also have clicked a link w/in
mythweb to a site that had publicly accessible weblogs (a bad idea in
itself), bookmarked it using a third party service that makes bookmarks
publicly available or a few other things.
> [...] the least you could do is NOT put a link to your MythWeb
> installation out there where the bots can find it....
Yep. That can be on a non-standard port or just at a non-standard URL...
they are actually both equally effective (eg,
http://myth.mycomputer.ext/s3cr3t). The key is to not let the URL become
pubicly known. However, that's all just secuirty through obscurity and can
be quite easily comprimised by even accidently doing one of the above
actions.
The best bet is to actually secure your install with a password of some
sort. I'd bet if you thought about it long enough, you could probably come
up with the URL to my install (no, it's not www.steenhagen.us/mythweb, but
it's not super-obscure either). But once you found it, you'd be greated
with a password dialog (after the non-trusted SSL cert warning). I'm not
saying it's hack proof, very few things are, but it's good enough (TM).
--
http://www.steenhagen.us/~jake/blog/
More information about the mythtv-users
mailing list