Subnostr

folks do u know if local instance of #nextcloud even if not open to public or via .onion only DOES BROADCAST or LEAKS files or contents UPSTREAM to other file servers by any chance ? just checking #asknostr #backdoor content leaker

nostr:npub1qe3e5wrvnsgpggtkytxteaqfprz0rgxr8c3l34kk3a9t7e2l3acslezefe

nostr:npub16v82nr4xt62nlydtj0mtxr49r6enc5r0sl2f7cq2zwdw7q92j5gs8meqha

nostr:npub1x0r5gflnk2mn6h3c70nvnywpy2j46gzqwg6k7uw6fxswyz0md9qqnhshtn

nostr:npub12rrvutnfeu9677d4yjytypqccjn0njnm6zkx2j6xyn2uqfw02ldsrl8ty9

nostr:npub1lxzaxzge0jq9u9cecucctdt5lslwgp7hcxmp2l0wn8r2ecjenwasu6svxa

nostr:npub15ww3nmpr3tcmzjuv7dsct2fnk9qln98zlaapxgayewm970vg7c0q3wqdm3

nostr:npub1ry5wud2c748rzexcr5nvxhsj8sj5htsjsd2dwcta0lvx94cdng4s8e5a5f

i know it has bugs n issues for many new modules untested or unverified modles esp php

looking to find anyone come across any #backdoor code leaking files to others without permission once u mapped some remote drives even within secured vpn/lan.

Reply to this note

Please Login to reply.

Discussion

captjack 🏴‍☠️✨💜 1y ago

in particular the EXTERNAL LINKING STORAGE module

G.M.Joe 1y ago

As long as you don't use any "Integration" Add-ons (for Dropbox or Google) and the federated cloud add-on it should not leak any files or data. Using nextcloud since it was called owncloud. Piece of mind.

captjack 🏴‍☠️✨💜 1y ago

good points thanks - not care much hacking or using unverified module in production - hardening or using reverse fixes that IF opening to public/limited friends on demand via onion

1. NO REASON use dropbox / google / onedrive - whole reason avoiding them their free snooping offers.

2. Federated chain delegation thing is new to me - so long link such server keep all private seems ok

3. At account admin level there are enough security - which group - OTP - folder permission etc

even sharing via clearnet or onion SOME movies/pics

so far i notice in docker its pretty fast even after REDUCING CPU threads of NGINX

captjack 🏴‍☠️✨💜 1y ago

reverse proxy - haproxy caddy nginx2nd in front

2 NOT link

captjack 🏴‍☠️✨💜 1y ago

just tested few stuff my docker instance running dummy domain locally perfectly fine (otp enabled) cannot reached even if opened to outside. some trusted domain etc config needed. so good not accessible.

saw it making few outing internet connection - just for update etc maybe - its very sensitive any domain ssl cert changes once somehow running. i can spin another doocker domore tests instead breaking this.

primary use NAS + media server is best for now. other bells n whistles later that may leak data create problems.

Skipper 1y ago

I don't use Nextcloud anymore.