←back to thread

Finding thousands of exposed Ollama instances using Shodan

(blogs.cisco.com)
166 points rldjbpin | 1 comments | 03 Sep 25 08:18 UTC | HN request time: 0.375s | source
Show context
deadbabe ◴[03 Sep 25 10:06 UTC] No.45114029[source]
The stakes aren’t that high yet for Ollama to warrant cumbersome auth mechanisms.
replies(2): >>45114139 #>>45114224 #
jychang ◴[03 Sep 25 10:24 UTC] No.45114139[source]
Yeah, I don't think most people who even run ollama would care. "Oh no, someone found my exposed instance, which means my computer in my bedroom is burning electricity for the past few hours. Oh well, I lost a few pennies in electricity." Shuts down Ollama on the computer.

Seriously, this is extremely mild as far as issues go. There's basically no incentive to fix this problem, because I bet even the people who lost a few pennies of electricity would still prefer the convenience of ollama not having auth.

Plus, that's the worst case scenario, in real life even if some black hat found an exposed ollama service, they have no interest in generating tokens for <insert random LLM here at 4 bit quant> at a slow speed of <50tok/sec.

replies(3): >>45114209 #>>45114213 #>>45114232 #
1. ekianjo ◴[03 Sep 25 10:38 UTC] No.45114209[source]
That is assuming you cannot exploit the server to get access to the machine...