The only time I have ever had a machine compromised in 30 years of running Linux is when I ran something exposed to the internet on a well known port.
I know port scanners are a thing but the act of using non-default ports seems unreasonably effective at preventing most security problems.
If you do any npm install, pip install ..., docker pull ... / docker run ..., etc. in Linux, it is very easy to get compromised.
I did docker pull a few times based on some web post (which looked reasonable) and detected apps/scripts from inside the Docker container connecting to some .ru sites immediately or a few days later....
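The check the commenter above is describing, catching a freshly pulled image phoning home, can be automated by logging new outbound connections from the container bridge and comparing destinations against an allowlist. The script below is an added example, not code from the thread; it assumes an iptables LOG rule in the DOCKER-USER chain with the prefix "DOCKER-EGRESS: " on the default docker0 network (172.17.0.0/16), and the log lines and allowlist ranges are constructed for illustration. It generalizes the anecdote from ".ru sites" to any destination the workload is not expected to reach; matching on resolved hostnames via DNS logs is a variant not shown here.

```python
"""Flag outbound container connections to destinations outside an allowlist.

Added example (not from the thread). Assumes a netfilter rule such as:
  iptables -I DOCKER-USER -s 172.17.0.0/16 ! -d 172.17.0.0/16 \
      -m conntrack --ctstate NEW -j LOG --log-prefix "DOCKER-EGRESS: "
so that the kernel log carries one line per new outbound flow.
"""
import ipaddress
import re

# Docker's default bridge subnet (docker0). Assumption for this example.
CONTAINER_NET = ipaddress.ip_network("172.17.0.0/16")

# Destinations the workload is expected to talk to. Example allowlist only.
ALLOWED_DESTS = [
    ipaddress.ip_network("10.0.0.0/8"),       # internal services
    ipaddress.ip_network("151.101.0.0/16"),   # e.g. a CDN fronting the package registry
]

# Standard iptables LOG format: "... SRC=a.b.c.d DST=e.f.g.h ... PROTO=TCP SPT=n DPT=m ..."
LOG_RE = re.compile(
    r"DOCKER-EGRESS: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict for a DOCKER-EGRESS log line, or None for unrelated lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "proto": m["proto"],
        "dport": int(m["dpt"]) if m["dpt"] else None,  # absent for e.g. ICMP
    }


def is_unexpected(event):
    """True when a container talks to something outside the bridge and the allowlist."""
    if event["src"] not in CONTAINER_NET:
        return False                      # not container traffic
    if event["dst"] in CONTAINER_NET:
        return False                      # container-to-container, in scope of the bridge
    return not any(event["dst"] in net for net in ALLOWED_DESTS)


def find_unexpected_egress(lines):
    """Return (src, dst, proto, dport) tuples for flows that violate the allowlist."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev and is_unexpected(ev):
            findings.append((str(ev["src"]), str(ev["dst"]), ev["proto"], ev["dport"]))
    return findings


# Constructed sample log lines (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_LOG = [
    "Mar 10 12:00:01 host kernel: DOCKER-EGRESS: IN=docker0 OUT=eth0 "
    "SRC=172.17.0.2 DST=151.101.1.63 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF "
    "PROTO=TCP SPT=43210 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 10 12:00:02 host kernel: DOCKER-EGRESS: IN=docker0 OUT=eth0 "
    "SRC=172.17.0.2 DST=10.1.2.3 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF "
    "PROTO=TCP SPT=43211 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 10 12:00:03 host kernel: DOCKER-EGRESS: IN=docker0 OUT=eth0 "
    "SRC=172.17.0.3 DST=203.0.113.45 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF "
    "PROTO=TCP SPT=43212 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 10 12:00:04 host kernel: DOCKER-EGRESS: IN=docker0 OUT=docker0 "
    "SRC=172.17.0.3 DST=172.17.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF "
    "PROTO=TCP SPT=43213 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Mar 10 12:00:05 host sshd[123]: Accepted publickey for admin from 10.9.8.7",
]

if __name__ == "__main__":
    for src, dst, proto, dport in find_unexpected_egress(SAMPLE_LOG):
        print(f"unexpected egress: {src} -> {dst} {proto}/{dport}")
```

Feed it `journalctl -k -o cat` output in practice; anything it prints is a destination to look up before deciding whether the image stays. An allowlist of this kind is only useful once it is also enforced (a DROP rule after the LOG rule), otherwise the script tells you about the beacon after it has already left.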
I do this too, but I think it should only be a defense in depth thing, you still need the other measures.
This is very, very, very bad advice. A non-standard port is not a defence. It’s not even slightly a defence.