Most active commenters

    ←back to thread

    Finding thousands of exposed Ollama instances using Shodan

    (blogs.cisco.com)
    166 points rldjbpin | 15 comments | 03 Sep 25 08:18 UTC | HN request time: 0.443s | source | bottom
    1. ekianjo ◴[03 Sep 25 10:02 UTC] No.45114004[source]
    Ollama has no auth mechanism by default... You have to wonder why they never focused on that
    replies(6): >>45114024 #>>45114056 #>>45114140 #>>45114531 #>>45115062 #>>45116572 #
    2. muldvarp ◴[03 Sep 25 10:06 UTC] No.45114024[source]
    Should have asked an LLM to write one.
    3. cedws ◴[03 Sep 25 10:11 UTC] No.45114056[source]
    I don’t think it was intended for production workloads.
    4. 47282847 ◴[03 Sep 25 10:25 UTC] No.45114140[source]
    Separation of concerns?

    If you deploy a power plug outside your house, is it the fault of the power plug designer if people steal your power?

    Put it behind a webserver with basic auth or whatever you fancy, done.

    replies(1): >>45114194 #
    5. ekianjo ◴[03 Sep 25 10:36 UTC] No.45114194[source]
    Bad analogies are bad analogies. ollama is a server system, it should expect to connect with more than one client and they know very well by now that this also means networked clients. If you create a server client protocol, implementing security is your job.
    replies(5): >>45114234 #>>45114298 #>>45116601 #>>45116716 #>>45117190 #
    6. phito ◴[03 Sep 25 10:42 UTC] No.45114234{3}[source]
    Any decent router is going to block connections from internet to your local network by default. For ollama to be accessible from the outside, they had to allow it explicitly. There's no way to blame ollama for this.
    7. graemep ◴[03 Sep 25 10:53 UTC] No.45114298{3}[source]
    Lots of servers do not, Redis for instance does not have auth by default, and IIRC did not have auth at all for a long time.
    8. Gormo ◴[03 Sep 25 12:42 UTC] No.45115032[source]
    Ollama doesn't run a web server that is "broadcasting across the internet". It runs a server that is accessible locally. You have to deliberately deploy it onto a public server in order for it to be accessible from the internet.
    replies(1): >>45116322 #
    9. A4ET8a8uTh0_v2 ◴[03 Sep 25 12:45 UTC] No.45115062[source]
    As cynical as I am, I honestly don't think there is much to wonder about here. The initial product's adoption relied on low friction and minimal setup. That they wanted to keep it going as long as possible is just an extension of this.
    10. rvz ◴[03 Sep 25 14:34 UTC] No.45116322{3}[source]
    In all cases, having zero auth at all [0] even when others want to use it as a service to broadcast across the internet is ridiculous. Leading to problems like this: [1] and now all exposed without any protection.

    Even allowing others to change the $OLLAMA_HOST env is a security footgun.

    [0] https://github.com/ollama/ollama/issues/849

    [1] https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2...

    replies(1): >>45120147 #
    11. Zambyte ◴[03 Sep 25 14:57 UTC] No.45116572[source]
    The dockerd TCP socket has no auth mechanism by default... You have to wonder why they never focused on that.
    12. Zambyte ◴[03 Sep 25 14:59 UTC] No.45116601{3}[source]
    > If you create a server client protocol, implementing security is your job.

    Yes, this goes right along with the tried and true Unix philosophy: do everything, poorly. Wait what?

    13. kube-system ◴[03 Sep 25 15:09 UTC] No.45116716{3}[source]
    The client-server pattern is frequently used locally.
    14. jrm4 ◴[03 Sep 25 15:50 UTC] No.45117190{3}[source]
    I cannot express how deeply wrong you are about this; a "server system" is not some mandate that it should be production ready for a ton of people on the internet.

    This is a program that very different people want or need to try out that just so happens to involve a client-server architecture.

    15. Gormo ◴[03 Sep 25 20:37 UTC] No.45120147{4}[source]
    The idea is that you add an auth layer if that's what you want to do.

    The majority of Ollama users at the moment are likely hobbyists working in single-user contexts.

    For those who want to deploy it in an organizational setting, it's straightforward to put it behind a pre-existing authenticaton system.