zlacker

1. danw19+(OP) 2025-12-18 07:54:06
The only time I have ever had a machine compromised in 30 years of running Linux is when I ran something exposed to the internet on a well-known port.

I know port scanners are a thing but the act of using non-default ports seems unreasonably effective at preventing most security problems.

replies(3): >>jraph+t >>rainon+Ig >>tonypl+1d2
2. jraph+t 2025-12-18 08:00:35
>>danw19+(OP)
I do this too, but I think it should only be a defense-in-depth thing; you still need the other measures.
3. rainon+Ig 2025-12-18 10:35:57
>>danw19+(OP)
This is very, very, very bad advice. A non-standard port is not a defence. It’s not even slightly a defence.
replies(2): >>bostik+6r >>danw19+wL3
4. bostik+6r 2025-12-18 12:07:37
>>rainon+Ig
Correct. From what I understand, Shodan has had for years a search feature in their paid plans to query for "service X listening on non-standard port". The only sane assumption is that any half-decent internet-census[tm] tool has the same as standard by now.
5. tonypl+1d2 2025-12-18 20:49:52
>>danw19+(OP)
If you do any npm install, pip install ..., docker pull ... / docker run ..., etc. in Linux, it is very easy to get compromised.

I did docker pull a few times based on some web post (looked reasonable) and detected apps/scripts from inside the docker connecting to some .ru sites immediately or a few days later....

6. danw19+wL3 2025-12-19 11:06:09
>>rainon+Ig
Did I at any point in my previous comment say that using non-standard ports was my only line of defence?

It's security through obscurity, which puts you out of view of the vast majority of the chaos of the internet. It by no means protects you from all threats.
