I’ve migrated from cloudflare pages to cloudflare tunnels as I wanted to do a little bit more.

I can’t segregate my network as my ISPs router is rather limited, which means no vLANs. Connecting another router would introduce a double nat as they don’t allow bridging. So I’m running my website basically “raw” in a hyperV virtual machine. the website is semi-static and made out of flatfiles, therefore it’s is quite impossible to login into it. as stated before i’m using cloudflare tunnels to expose a nginx server to the interner. what are the chances someone or something (bot) inflataring my network? 100% safety is not possible but how safe am i?

    • pastelstocking@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Everything has some sort of vulnerability, the qestion is will someone be assed to abuse it.(rheotical question)

      • djgizmo@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Not so much will someone be assed about it, it’s whether a script will pick you up your server. There’s a ton of aggregation search engines that scan most IPv4 addresses and list them on what ports are open etc. such as Shodan.io

        Like I said, safeish.

        • weeman45@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          As far as i understood it a cloudflare tunneled service should not be visible when port scanning. Or am i completely wrong here? I started using tunnels just so i can avoid opening ports to the internet. I also restricted the access to my services to specific countries.

          • djgizmo@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            The only thing a CF tunnel does is protect your home IP. Doesn’t protect the app or server you’re exposing.

            • amizzo@alien.topB
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Well it does slightly more than just obfuscating your home IP, in that it will also do automatic bot, DDOS prevention, etc…

              • djgizmo@alien.topB
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Nothing will stop a general scan from happening. Especially if it’s a slow scan.

                Scans won’t trigger dos/ddos alerts.

                • amizzo@alien.topB
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Well yeah, that would get your host IP…if they’re doing a general scan of whole ISP IP ranges (Which nothing could really stop, except for a good firewall). But there is much more low-hanging fruit for hackers than to scan tens of thousands of unoccupied subnets.

                  • djgizmo@alien.topB
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    Ilulz. Automated scans cost nothing in resources. That would not find a host IP, it’d find the public Ip and open port.

                • pastelstocking@alien.topOPB
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  tunnels are reverse-portforwarding. ports aren’t open on my network but on theirs.

                  anyways i moved back on VPS because im not 100% sure what is my ISPs stance lmao. and since i cant have much control with my internal network for now, id rather stay away but i def wanna host at home eventually