166 points rldjbpin | 2 comments
ekianjo ◴[] No.45114004[source]
Ollama has no auth mechanism by default... You have to wonder why they never focused on that
replies(6): >>45114024 #>>45114056 #>>45114140 #>>45114531 #>>45115062 #>>45116572 #
rvz[dead post] ◴[] No.45114531[source]
[flagged]
Gormo ◴[] No.45115032[source]
Ollama doesn't run a web server that is "broadcasting across the internet". It runs a server that is accessible locally. You have to deliberately deploy it onto a public server in order for it to be accessible from the internet.
replies(1): >>45116322 #
1. rvz ◴[] No.45116322[source]
In all cases, having zero auth at all [0] even when others want to use it as a service to broadcast across the internet is ridiculous. Leading to problems like this: [1] and now all exposed without any protection.

Even allowing others to change the $OLLAMA_HOST env is a security footgun.

[0] https://github.com/ollama/ollama/issues/849

[1] https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2...

replies(1): >>45120147 #
2. Gormo ◴[] No.45120147[source]
The idea is that you add an auth layer if that's what you want to do.

The majority of Ollama users at the moment are likely hobbyists working in single-user contexts.

For those who want to deploy it in an organizational setting, it's straightforward to put it behind a pre-existing authentication system.
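
A deployment check for the `OLLAMA_HOST` point raised in this thread, added here as an example and not code from any commenter or from the Ollama project: it classifies a bind value as loopback-only or reachable from other machines, which is when an auth layer in front becomes necessary. The accepted value forms and the reading of an empty host as "every interface" are assumptions, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_HOST = "127.0.0.1"  # Ollama's default bind address


def bind_host(value):
    """Extract the host part of an OLLAMA_HOST-style value.

    Assumed forms: host, host:port, :port, [v6]:port, scheme://host[:port].
    """
    value = (value or "").strip()
    if not value:
        return DEFAULT_HOST
    try:  # bare IPv4/IPv6 literal, with or without brackets
        return str(ipaddress.ip_address(value.strip("[]")))
    except ValueError:
        pass
    if "://" not in value:
        value = "http://" + value
    # hostname is None for ":11434"; assumed to mean "every interface"
    return urlsplit(value).hostname or ""


def exposure(value):
    """Classify how far an OLLAMA_HOST value opens the unauthenticated API."""
    host = bind_host(value)
    if host == "":
        return "all-interfaces"
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # resolve it before trusting it
    if ip.is_unspecified:
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific-address"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ["", "127.0.0.1:11434", "0.0.0.0", ":11434",
                   "[::1]:11434", "http://0.0.0.0:11434", "192.0.2.10:11434"]:
        print(f"{sample!r:26} -> {exposure(sample)}")
```

Anything other than `loopback` means the API is reachable without credentials unless a firewall or an authenticating proxy sits in front of it.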