Security concerns and missing file on ARM version

Support for Tonido on the Desktop including Windows/Mac/Linux
Rookie Tonidoid
Rookie Tonidoid
Posts: 1
Joined: Thu Dec 31, 2015 5:17 pm

Security concerns and missing file on ARM version

Postby darkhand » Mon Jan 04, 2016 2:20 pm

Hi guys! I've installed Tonido and found it to be the fastest personal cloud software I've tried to date. There are a few things keeping me from running it permanently though:

1. The primary account's username is exposed to the world. Upon visiting my main Tonido page, my username is shown to the public, and only a password field is used. Not a problem when using the relay I suppose, but I have a port open specifically for Tonido using my own DNS, and the username is shown to anyone who scans my IP or connects.

2. Bad password attempts don't appear to be logged. If they were, I could use a service such as fail2ban to monitor the log file and ban malicious IPs that attempt to brute force a password. Does Tonido do anything internally against brute force password attempts?

3. is missing from the ARMv6 build. I'm running Debian Jessie and the Jessie repositories do not have Libjpeg v8. I had to backport a package from Debian Sid to get the file and get Tonido to run.

I think those 3 things would make a huge difference and be a big help to everyone!
Thanks in advance for a great product!

Return to “Tonido Software”

Who is online

Users browsing this forum: No registered users and 8 guests