Comments (10)
ComfyUI-Manager supports advanced security options.
https://github.com/ltdrdata/ComfyUI-Manager#security-policy
from comfyui.
hmm.... It seems that we need to warn for that.
from comfyui.
It's just a test server that I do have set up to access remotely to test stuff before I move workflows to a production server. I'm running on a custom port well into the 10k's. I really don't have any idea how it got added and I always grab custom nodes directly from the manager in its default settings. I'll dig around more this evening as I'm really curious how it got there.
Whatever that script does (mining multi chains I assume), my GPU was pegged at 100% all night. The room temp was blazing hot. That is what caught my attention because that 4090 rarely gets used and never gets over about 50C.
It seems I need to provide an option for the remote environment to disable installing via git URL and allow installations only through a whitelist.
If you have installed the manager in an environment that is accessible remotely, it could be an attack vector.
I will update it to be disabled by default if the listen IP is not 127.x.x.x.
from comfyui.
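Added example, not part of the thread and not ComfyUI-Manager's own code: one way to express the policy proposed in the comment above, where installing from an arbitrary git URL is allowed only when the server listens on a loopback address and everything else must match an allowlist. The function names and the allowlist entry are hypothetical placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist entry; a real deployment loads its own vetted list.
ALLOWED_REPOS = {"github.com/example-org/example-node-pack"}

def is_loopback_listen(addr: str) -> bool:
    """True only when the listen address is loopback (127.0.0.0/8 or ::1)."""
    if addr.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False  # unknown hostnames are treated as remotely reachable
    # ::ffff:127.0.0.1 is IPv4 loopback written as an IPv6 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback

def normalize_repo(url: str):
    """Reduce a repo URL to host/path, or None if it is not plain https."""
    parts = urlsplit(url.strip())
    # Reject other schemes, embedded credentials and explicit ports.
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.netloc.lower() != parts.hostname:
        return None
    path = parts.path.rstrip("/")
    if path.endswith(".git"):
        path = path[:-4]
    return f"{parts.hostname}{path.lower()}"

def may_install(listen_addr: str, repo_url: str, allowed=ALLOWED_REPOS) -> bool:
    """Loopback-only servers may install any URL; exposed ones only allowlisted."""
    if is_loopback_listen(listen_addr):
        return True
    return normalize_repo(repo_url) in allowed
```

Note that 0.0.0.0 and LAN addresses count as exposed here, so the restrictive branch applies whenever the server is reachable from another machine.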
Looks like it's from: https://github.com/NullBulgeGroup/comfyui-terminal
Any idea how this could have been installed? Do you have a publicly accessible ComfyUI instance with the manager on it?
This only seems to be able to run the miner by queuing a specific workflow, which means that the person needs access to your ComfyUI instance.
If you want to run a publicly accessible ComfyUI, I don't really recommend it, but if you do, you should only use the base nodes and never have the manager installed, because it lets anyone install and run anything on your instance.
I assume the method of distribution for this is just someone scanning random IPs on the default ComfyUI port for open ComfyUI instances with the manager installed.
from comfyui.
It's just a test server that I do have set up to access remotely to test stuff before I move workflows to a production server. I'm running on a custom port well into the 10k's. I really don't have any idea how it got added and I always grab custom nodes directly from the manager in its default settings. I'll dig around more this evening as I'm really curious how it got there.
Whatever that script does (mining multi chains I assume), my GPU was pegged at 100% all night. The room temp was blazing hot. That is what caught my attention because that 4090 rarely gets used and never gets over about 50C.
from comfyui.
In the meantime, I manually recreated the comfyui-terminal folder in custom_nodes and removed permissions from it via chmod.
yeah, not exactly an ideal setup for my remote access, figured most port scanners don't typically scan that high
disabled for now
from comfyui.
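Added example, not part of the thread: a small audit of the `custom_nodes` folder that reports every node pack whose git `origin` is not on an allowlist, or that has no readable git metadata at all (including a folder whose permissions were removed). The allowlist entries, folder names and URLs in `demo()` are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

REMOTE_RE = re.compile(r'^\[remote "([^"]+)"\]$')

def remote_urls(config_text):
    """Parse the text of a .git/config file into {remote_name: url}."""
    remotes, current = {}, None
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("["):
            m = REMOTE_RE.match(line)
            current = m.group(1) if m else None
        elif current and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "url":
                remotes[current] = value
    return remotes

def _norm(url):
    return url.lower().rstrip("/").removesuffix(".git")

def audit_custom_nodes(custom_nodes, allowed_urls):
    """Return (folder, finding) for each node pack whose origin is not allowlisted."""
    allowed = {_norm(u) for u in allowed_urls}
    findings = []
    for entry in sorted(Path(custom_nodes).iterdir()):
        if not entry.is_dir() or entry.name == "__pycache__":
            continue
        try:
            text = (entry / ".git" / "config").read_text(errors="replace")
        except OSError:  # missing, unreadable, or .git is not a directory
            findings.append((entry.name, "no readable git metadata, origin unknown"))
            continue
        origin = remote_urls(text).get("origin", "")
        if _norm(origin) not in allowed:
            findings.append((entry.name, f"origin not allowlisted: {origin or 'none'}"))
    return findings

def demo():
    """Constructed sample tree: one vetted pack, one unknown pack, one bare folder."""
    with tempfile.TemporaryDirectory() as root:
        for name, url in [("vetted-pack", "https://github.com/example-org/vetted-pack.git"),
                          ("mystery-pack", "https://git.example.net/unknown/mystery-pack")]:
            git_dir = Path(root, name, ".git")
            git_dir.mkdir(parents=True)
            (git_dir / "config").write_text(f'[core]\n\tbare = false\n[remote "origin"]\n\turl = {url}\n')
        Path(root, "copied-by-hand").mkdir()
        return audit_custom_nodes(root, ["https://github.com/example-org/vetted-pack"])
```

Running the same audit on a schedule and comparing the result with the previous run shows when a folder appeared, which the GPU temperature alone does not.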
It's just a test server that I do have set up to access remotely to test stuff before I move workflows to a production server. I'm running on a custom port well into the 10k's. I really don't have any idea how it got added and I always grab custom nodes directly from the manager in its default settings. I'll dig around more this evening as I'm really curious how it got there.
Whatever that script does (mining multi chains I assume), my GPU was pegged at 100% all night. The room temp was blazing hot. That is what caught my attention because that 4090 rarely gets used and never gets over about 50C.
It seems I need to provide an option for the remote environment to disable installing via git URL and allow installations only through a whitelist. If you have installed the manager in an environment that is accessible remotely, it could be an attack vector.
I will update it to be disabled by default if the listen IP is not 127.x.x.x.
How about using an LLM to scan through the code of all custom nodes in the whitelist and provide a one-sentence description for each node so people know what they are installing? (just brainstorming)
from comfyui.
It's just a test server that I do have set up to access remotely to test stuff before I move workflows to a production server. I'm running on a custom port well into the 10k's. I really don't have any idea how it got added and I always grab custom nodes directly from the manager in its default settings. I'll dig around more this evening as I'm really curious how it got there.
Whatever that script does (mining multi chains I assume), my GPU was pegged at 100% all night. The room temp was blazing hot. That is what caught my attention because that 4090 rarely gets used and never gets over about 50C.
It seems I need to provide an option for the remote environment to disable installing via git URL and allow installations only through a whitelist. If you have installed the manager in an environment that is accessible remotely, it could be an attack vector.
I will update it to be disabled by default if the listen IP is not 127.x.x.x.
How about using an LLM to scan through the code of all custom nodes in the whitelist and provide a one-sentence description for each node so people know what they are installing? (just brainstorming)
TBH, Unreliable. You can find projects that have been documented using LLM, but they are often very inaccurate.
from comfyui.
Have received the warning and tried to find the files to delete but could not locate them in the directory. Guidance please.
from comfyui.
Have received the warning and tried to find the files to delete but could not locate them in the directory. Guidance please.
What warning are you referring to?
from comfyui.