The deployment of private servers for large models such as DeepSeek is increasing rapidly. Cybersecurity companies: Nearly 90% of them are “naked”

After the domestic large model DeepSeek became the focus of the AI field, some companies and individuals began to build private deployments of the DeepSeek large model. On the 14th, a reporter from the Global Times learned from the network security company Qi’anxin that as many as 88.9% of the active servers running large models such as DeepSeek have no security measures in place, which exposes them to risks such as computing power theft, data leakage, service interruption, and even deletion of large model files.
Since the domestic large model DeepSeek became popular, the number of servers running the DeepSeek R1 large model has been increasing rapidly. Monitoring by the Qi’anxin Asset Mapping Eagle Chart Platform found that among the 8,971 Ollama large model servers, there were 6,449 active servers, of which 88.9% were “naked” on the Internet. “5,669 of the above 8,971 servers are in China, and the proportion of ‘naked’ is basically the same as the world,” Qi’anxin’s relevant technical personnel told the Global Times reporter.
Reportedly, this “naked” state without security measures allows anyone to call and access these services at will, without any authentication or authorization. This may lead to data leakage and service interruption, and anyone could even send instructions to delete the deployed DeepSeek, Qwen and other large model files.
Ollama is a tool for easily obtaining and running large models. It supports a variety of advanced language models, including but not limited to Qwen, Llama and DeepSeek-R1, and allows users to run and use these models on a server. Ollama does not provide security authentication by default, so many users who deploy DeepSeek overlook the necessary security restrictions and fail to set access control for the service. As a result, anyone can access these services without authorization.
The technician quoted above describes Ollama as a warehouse full of smart furniture, which can help you quickly move out high-end devices such as “DeepSeek Whole House Butler”, “Qwen Smart Air Conditioner”, and “Llama Sweeping Robot”. “But this ‘warehouse’ defaults to ‘no door locks’, and the landlord only cares about enjoying the convenience of ‘delivery to your door with a shout’, and forgets to lock the door. As a result, passers-by sneak in casually: someone secretly opens the ‘DeepSeek housekeeper’ to adjust the room temperature, someone dismantles the ‘Qwen air conditioner’ parts to sell for money, etc. – in the blink of an eye, all the furniture is cleared out, leaving only an empty rough house,” the technician said. Monitoring by the Qi’anxin Asset Surveying and Mapping Eagle Chart Platform found that there have been incidents in which DeepSeek servers in a “naked” state were scanned by automated scripts that maliciously occupied a large amount of computing resources, stealing computing power and causing some users’ servers to crash.
Therefore, technical experts recommend that all companies and individuals who deploy DeepSeek services immediately modify the Ollama configuration and add identity authentication. At the same time, they should promptly update related security configurations such as firewalls, WAFs, and intrusion detection, for example by defining IP whitelists to restrict access, so that only authorized personnel can reach the model services. Regularly checking for and closing unnecessary ports, limiting the use of computing resources, and strengthening monitoring are also key to improving security.
In addition, when running large models, users need to encrypt all transmitted data to avoid leaking sensitive information in the event of an attack or data theft. Deploying relevant security products can also effectively resist traditional network attacks against application services, and in particular the jailbreak and prompt injection attacks that are unique to large model applications.
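
The access-control recommendations above, as an added example that is not from the article, Qi’anxin or the Ollama project: a Python check that flags Ollama listeners reachable beyond loopback in `ss -H -ltn` output, together with the allow/deny decision a gateway placed in front of Ollama would make from an IP whitelist plus a bearer token. Port 11434 is Ollama's default; the function names, the sample socket lines, the whitelist and the token are assumptions constructed for illustration.

```python
import hmac
import ipaddress

OLLAMA_PORT = 11434  # Ollama's default API port

# Constructed `ss -H -ltn` lines (merged from different hosts for illustration).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:11434 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
"""

def exposed_listeners(ss_output, port=OLLAMA_PORT):
    """Local addresses where `port` listens on anything other than loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        # "*" is a wildcard bind (all interfaces); otherwise test the address.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            exposed.append(fields[3])
    return exposed

def authorize(client_ip, auth_header, allowlist, token):
    """Gateway decision: source IP in the allowlist AND a valid bearer token."""
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in ipaddress.ip_network(net) for net in allowlist):
        return False
    scheme, _, presented = (auth_header or "").partition(" ")
    if not token or scheme.lower() != "bearer":
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(presented.encode(), token.encode())

if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_SS):
        print("exposed beyond loopback:", addr)
    # Hypothetical whitelist and token, for illustration only.
    print(authorize("10.0.0.5", "Bearer example-token", ["10.0.0.0/24"], "example-token"))
```

On a real host, feed `exposed_listeners` the output of `ss -H -ltn`; an empty result means the Ollama port is only reachable locally and all remote access has to pass through whatever gateway applies `authorize`.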
