
Security of server for web clipper


#1

Does the server function for the web clipper expose the PC to external attacks?
Is it enough to set the firewall to block in/out connections from all IPs except 127.0.0.1:41184?

Could the open port 127.0.0.1:41184 be used to gain access to the PC?

Thanks


#2

Hi

127.0.0.1 is the internal IP of the machine; it can’t be accessed externally (the address is not routable).

The remaining risk may come from a local user on the machine accessing the web clipper.


#3

Excuse me, but I don’t understand. In principle, the server could be accessed through any port, right? So I thought of blocking external connections. I’m not an expert, but reading this https://serverfault.com/questions/276963/make-apache-only-accessible-via-127-0-0-1-is-this-possible gave me doubts. Could you explain it to me, please?


#4

To access a service, you access it through a port - that’s right.
But any service can bind to a dedicated network interface (and its related IP address).
127.0.0.1 is bound to the local loopback - that’s the internal virtual network card of the machine.
eth0/wlan0/whatever is the physical network card and has a different IP address (192.168.0.1 in your example URL).

That’s more or less what’s explained in the 1st answer.
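
The bind-address distinction described above, as an added example that is not part of the original thread: it classifies each listening socket in `ss -ltn` output as loopback-only or network-facing. The sample output is constructed, and only the 127.0.0.1:41184 and 192.168.0.1 values come from the thread; the other listeners and ports are assumptions.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real machine).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      511        127.0.0.1:41184      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128      192.168.0.1:8080       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128            [::1]:631           [::]:*
LISTEN 0      128                *:80               *:*
"""

def bind_scope(host):
    """Classify the address a listener is bound to."""
    host = host.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    if host == "*":                         # ss prints * for a dual-stack wildcard
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:                      # 127.0.0.0/8 or ::1
        return "loopback-only"
    if ip.is_unspecified:                   # 0.0.0.0 or ::
        return "all-interfaces"
    return "one-interface"

def audit(ss_output):
    """Return (host, port, scope) for every LISTEN line."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # skip the header and blank lines
        host, _, port = fields[3].rpartition(":")
        rows.append((host, int(port), bind_scope(host)))
    return rows

def network_facing_ports(ss_output):
    """Ports bound to something other than loopback.
    A firewall may still block them; the bind address alone does not."""
    return sorted({p for _, p, s in audit(ss_output) if s != "loopback-only"})

if __name__ == "__main__":
    for host, port, scope in audit(SAMPLE_SS):
        print(f"{host}:{port} -> {scope}")
    print("network-facing:", network_facing_ports(SAMPLE_SS))
```

Only listeners reported as `all-interfaces` or `one-interface` are candidates for firewall rules; a `loopback-only` listener accepts connections solely from processes on the same machine.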


#5

OK. I think I understood. Your answer means that 127.0.0.1:41184 can’t be used by external attackers because it is innately local. And what about my first question?

This should prevent external attacks through other ports, right?


#6

No, if you block all incoming and outgoing connections, you won’t have any communication to the Internet at all.
This question is also not related to Joplin and I can’t give you a course in TCP/IP and networking.

What you have to know is that the web clipper is not an attack vector for external adversaries.