I was thinking about setting up a NextCloud server.
Is it worth it at this point? I would love to upgrade my current file server with a fancy web GUI, but i dont want my stuff snooped on. ESPECIALLY if they are just going to go tattle on me to my ISP.
I could always deny HTTP access from any IPs that don't belong to my VPN, but that seems like a lot of trouble.
the security scanner just does a http get on the version page. they told the government agencies who sent notifications to ISPs.
nextcloud (company) cannot access your files. this is just to see if the instance is vulnerable.
Yeah, but IF it is vulnerable I don't want them to broadcast that it might be possible to see my stuff.
If I went from bank to bank inspecting their vaults for issues, or their security system for holes, thats one thing. It becomes an entirely different animal if I turn around and start distributing information on which bank is vulnerable to what kind of exploit
thats the point of open source. you can see when it is vulnerable.
would you prefer to find out your software is vulnerable by someone accessing it?
I think that if they are going to tell anyone that a server under my control is compromised, it should be me. Broadcasting to the entire world that "hey, this guys server at this address is vulnerable" seems a little immature.
It just seems shady to me.
the people who put it up on twitter told the world. next cloud told gov agencies, who alerted isp's who sent letters to the users. nothing was made public except from those who chose to.
most servers in public domain are constantly scanned by crackers anyway. At least this way you get an early warning to update.
Yeah - tiney domain - nothing realy valuable except the public IP - so to say; getting about 100-200 scans a day from various bots - no not search engines - port scans, probing, and crawling specific directories that are part of wordpress/drupal/next(own)cloud/joomla/ .... .... ....