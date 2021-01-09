I wrote a rant only to calm down by the end of it, it comes down to this if you are doing security the same way you were 3 years ago then your security is garbage and you are asking to be hacked. It's not enough to protect things behind a username and password, you need port filtering paired with application ID filtering, and strict IP permission sets. No longer can you have your admin portal accessible from the outside, if you can access the admin portal then so can anybody else and it doesn't matter how good you think your username and password combination is, they will find a way around it, or to steal it.