←back to thread

Finding thousands of exposed Ollama instances using Shodan

(blogs.cisco.com)
166 points rldjbpin | 1 comments | 03 Sep 25 08:18 UTC | HN request time: 0.198s | source
Show context
alexandru_m ◴[03 Sep 25 10:25 UTC] No.45114142[source]
Apparently, protecting the API is not planned: https://github.com/ollama/ollama/issues/849

For my own purposes I either restrict ollama's ports in the firewall, or I put some proxy in front of it that blocks access of some header with some predefined api key is not present. Kind of clunky, but it works.

replies(5): >>45114147 #>>45114943 #>>45114992 #>>45117832 #>>45120566 #
1. time0ut ◴[03 Sep 25 16:39 UTC] No.45117832[source]
That is unfortunate. Not because I think they should have to, but because they eventually will have to if it gets big enough. Never underestimate the ability of your users to hold it wrong.

The default install only binds to loopback, so I am sure it is pretty common to just slap OLLAMA_HOST=0.0.0.0 and move on to other things. I know I did at first, but my host isn't publicly routable and I went back the same night and added IPAddressDeny/Allow rules (among other standard/easy hardening).