Imatch Anywhere as a Portal?

Started by Josebr, December 06, 2022, 09:23:51 PM

Previous topic - Next topic

Josebr

I am thinking of creating a place where community street photographers of my community can post photos of their work both to show it and to create an archive of such photos. The general public would have access to view the photos, but not change or delete them. It any of this possible with Imatch Anywhere?

Mario

IMatch Anywhere is not designed to face "the internet" or to accept requests from unknown sources.
It is designed to be used in local (home) networks or protected corporate and institutional networks.
Please refer to the the corresponding section in the IMatch Anywhere documentation.

Securing a web server is a full-time job these days and it requires skill and dedicated "hardened" software. You can expect thousands of requests from bots each day, probing your web server for 0-day problems or unsafe applications with open ports. And when they find one, your PC will be hacked and included in a bot net - if you are lucky. Or all your data will be stolen ane encrypted.

As a minimum, place IMatch behind a hardened reverse proxy that checks every request for validity and discards unauthorized requests. And forwards only safe requests to IMWS.
If you run a VPN, ist might be safe to allow access to IMWS via it.

If you don't know what a reverse proxy is, or how to setup a VPN, don't open open a computer to the internet. Never.

Use a web site like Flickr or a FaceBook group or smugmug or similar photo sharing sites which are designed to withstand constant hacking attempts and bots. Many of these almost never fail, but even Flickr, Facebook, Adobe etc. got hacked in the past. The Internet is a unfriendly place.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

Josebr

Wow! That was the exact opposite response I expected to hear. I guess I will have to create such a portal from scratch using something like ExpressionEngine. Thanks for getting back to me Mario. God Bless and have an Excellent Holiday Season.

Mario

#3
Whatever works for you. Keep in mind that sites created with EE were hacked on multiple occasions in the past. As I said, the Internet is an unfriendly place and securing web sites is very, very hard.

This community gets about 1,000 bot requests each day, probing for various security holes, unsafe or hacked plug-ins and whatnot. My admin attack log is full every evening.

I know about sites running IMWS behind a reverse proxy, which makes it safe to use. But these are corporate/institutional users with IT staff and security know-how. I don't recommend this for end users.

This is not a fault or shortcoming of IMatch Anywhere.
It is just not designed to be used in hostile environments like the open Internet. It's for home networks, corporate networks or use via VPN or reverse proxies.

Corporate DAMs cost tens of thousands US$ per year or twice the perpetual cost of IMatch Anywhere per user per month. And even these DAMs have reported security breaches over the years.

If you plan to use the EE, make sure to read their security guidelines carefully and implement them.
Also keep an eye on the CVE database to learn about security issues discovered in EE quickly:
https://www.cvedetails.com/vulnerability-list/vendor_id-7662/Expressionengine.html

All the damned bot farms which are used so send billions of SPAM emails per day and for DOS attacks and worse don't come out of the blue sky. These bot farms consist of hacked PC's, hacked web sites, hacked IOT devices and routers.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

jch2103

Quote from: Josebr on December 06, 2022, 10:02:34 PMWow! That was the exact opposite response I expected to hear. I guess I will have to create such a portal from scratch using something like ExpressionEngine.

It would likely be much simpler to use one of the existing photo websites, as Mario mentioned. For example, Smugmug has a guest upload option: https://www.smugmughelp.com/en/articles/325-allow-guests-to-upload-photos#:~:text=Your%20guests%20can%20upload%20files,Be%20aware%20when%20you%20share!

You have lots of control over how this is done, including setting passwords, etc. Doing this may be well worth the cost compared to having to create your own solution. 
John