Is it safe to expose the Telegram Bot API to public network? #701

Closed
hacker-hackman opened this issue Jan 21, 2025 · 2 comments

Comments

hacker-hackman commented Jan 21, 2025

I'm a lamer in networking at the moment. If I deploy this Telegram Bot API image with port 8081 exposed to the public internet, would I face security and performance issues? Or is it safe to do so?


NiXTheDev commented Jan 21, 2025

I think the only ones at risk would be the ones trying to use it, since their bot token will be logged and will even get its own folder/directory named after the token (in full!) to store the binary representation of pending updates for the bot

Otherwise the bot API server doesn't do much aside from serving bot API requests, try deploying it on your local network and navigate to its IP:port at the root level and see for yourself

What you shouldn't expose to the internet without at least basic auth is the stats port (usually 8082 in aiogram's image)

Edit: just a clarification on the last line here since I realized that I hadn't explained what the 8082 stats port does

What you shouldn't expose to the internet without at least basic auth is the stats port (usually 8082 in aiogram's image)

Because it lists each and every single one of the bot tokens that have been used to make requests to this particular telegram-bot-api server, so yes, exposing that port to the internet without auth is a surefire way to get your bots hacked and possibly banned, for which you will be the one to blame, since Telegram doesn't track who uses a token, but who created the bot with that token
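
A check for the advice in the comment above, as an added example that is not part of the thread or of the project's code: it reads Docker short-syntax port mappings (as found under `ports:` in a compose file) and reports those that publish the stats port on anything other than loopback. The sample mappings are constructed, the function names are hypothetical, and 8082 is taken from the comment; change it if your image uses another stats port.

```python
import ipaddress

STATS_PORT = 8082  # stats port named in the thread (assumed container-side port)

# Constructed sample of Docker short-syntax port mappings.
SAMPLE_PORTS = [
    "8081:8081",                # API port only
    "8082:8082",                # stats port, no host IP
    "127.0.0.1:8082:8082",      # stats port, loopback only
    "[::1]:8082:8082",          # stats port, IPv6 loopback only
    "8081-8082:8081-8082/tcp",  # range that includes the stats port
    "192.168.1.10:8082:8082",   # stats port on a LAN address
]


def parse_mapping(spec):
    """Parse [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] into its parts."""
    spec, _, proto = spec.partition("/")
    host_ip = "0.0.0.0"  # with no host IP, Docker publishes on all interfaces
    if spec.startswith("["):  # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
        parts = spec.split(":")
    else:
        parts = spec.split(":")
        if len(parts) == 3:
            host_ip = parts.pop(0)
    low, _, high = parts[-1].partition("-")  # container port or port range
    return host_ip, (int(low), int(high or low)), proto or "tcp"


def stats_port_beyond_localhost(specs, stats_port=STATS_PORT):
    """Return the mappings that publish the stats port on a non-loopback address."""
    findings = []
    for spec in specs:
        host_ip, (low, high), proto = parse_mapping(spec)
        if proto != "tcp" or not low <= stats_port <= high:
            continue
        if not ipaddress.ip_address(host_ip).is_loopback:
            findings.append(spec)
    return findings


if __name__ == "__main__":
    for finding in stats_port_beyond_localhost(SAMPLE_PORTS):
        print("stats port reachable beyond localhost:", finding)
```

A mapping bound to loopback still needs a reverse proxy with authentication in front of it if the stats page is to be reached remotely; this check only covers the bind address.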

@hacker-hackman
Author

Understood :). Thanks for the reply
