AUTOMATIC1111 / stable-diffusion-webui

Stable Diffusion web UI
GNU Affero General Public License v3.0

Unauthorized access to public URL. #2988

Closed YakuzaSuske closed 2 years ago

YakuzaSuske commented 2 years ago

Describe the bug Somehow someone unauthorized got access to my public URL without me sharing the URL. I have the "Make Public URL" feature turned on even if I never share it, and today somehow, as I was coming back from a short break, I noticed while I was generating that someone else was also generating, because I was getting flashes of their images on top of mine. Keep in mind I don't think anyone in my house would understand what SD even is. So either someone got in by chance or got access to the link somehow. They also knew what they were doing, because they were using a different model than I was using and already had a long prompt to begin with, which was completely different from what I was generating. Interestingly, my CMD window didn't indicate any change in model or weights; I was still using the model I had chosen (SD 1.4), but I was getting flashes of the other person's images, which were using another model (Waifu Diffusion). However, my GPU was being used, as I saw the usage in my Task Manager whenever they generated an image.

To Reproduce Steps to reproduce the behavior: Unknown.

Expected behavior A secure public URL, when not shared manually.

Screenshots Would not provide help anyway. (Generated images)

Desktop (please complete the following information):

Additional context If by any chance two people got the same public URL (however very unlikely), please add the ability to see how many people are using your public URL or see the IP addresses of the people connected. If possible, adding a "Block IP" option would be beneficial. I always have the public URL turned on in case I have to go somewhere else and I want to generate.

tommcg commented 2 years ago

Reading up on the Gradio exploit that is going around and wanted to share some things you can do to help mitigate these issues.

If you absolutely must have the --share switch turned on so you can use SD remotely, like from your sofa while you binge Neffflix, then at least take the time to change the permissions on your 'scripts' folder for Write to DENY for USERS and add the --gradio-auth to your COMMANDLINE_ARGS as demonstrated below.

set COMMANDLINE_ARGS= --share --gradio-auth username:password --deepdanbooru --autolaunch

Be aware that running a git pull to update may not work properly if you have the scripts folder set to DENY, so be sure to test accordingly.
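A check for the configuration described in the comment above, as an added example that is not part of the original thread or the project's own code: it reads the text of the batch file where COMMANDLINE_ARGS is set and flags --share used without --gradio-auth, or with the username:password placeholder left unchanged. The placeholder list, the minimum password length and the handling of comma-separated credential pairs are assumptions of this example.

```python
import re

# Placeholder credentials often copied verbatim from examples (constructed list, an assumption).
PLACEHOLDERS = {"username:password", "user:pass", "admin:admin"}
MIN_PASSWORD_LEN = 12  # assumed local policy, not a project requirement

# Constructed sample input: the launcher line quoted in the thread.
SAMPLE = ("@echo off\n"
          "set COMMANDLINE_ARGS= --share --gradio-auth username:password "
          "--deepdanbooru --autolaunch\n")

def extract_args(bat_text):
    """Return the tokens of the last uncommented `set COMMANDLINE_ARGS=` line."""
    args = []
    for line in bat_text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::")):
            continue  # commented-out line, not in effect
        m = re.match(r'(?i)set\s+"?COMMANDLINE_ARGS\s*=(.*)$', stripped)
        if m:
            args = m.group(1).rstrip('"').split()
    return args

def audit(bat_text):
    """Return a list of findings for a web UI exposed through a public URL."""
    args = extract_args(bat_text)
    if "--share" not in args:
        return []  # no public URL requested, nothing to check here
    if "--gradio-auth" not in args:
        return ["--share is set without --gradio-auth: public URL has no login"]
    idx = args.index("--gradio-auth")
    value = args[idx + 1] if idx + 1 < len(args) else ""
    if not value or value.startswith("--"):
        return ["--gradio-auth has no username:password value"]
    findings = []
    for cred in value.split(","):  # assumes comma-separated user:pass pairs
        user, sep, password = cred.strip('"').partition(":")
        if not sep or not user or not password:
            findings.append(f"malformed credential for user {user!r}")
        elif f"{user}:{password}".lower() in PLACEHOLDERS:
            findings.append(f"placeholder credential left in place for {user!r}")
        elif len(password) < MIN_PASSWORD_LEN:
            findings.append(f"password for {user!r} is shorter than {MIN_PASSWORD_LEN}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```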

YakuzaSuske commented 2 years ago

I'm currently a bit confused. I set it as you said and placed a username and password, but I'm not getting a login screen on the public URL. I think I did something wrong.

Edit: Nvm, I figured it out. Thanks for your help! 👍