Wanna score some free GPU time on a Tesla P40 or other enterprise-grade silicon for your ComfyUI use? No big deal. Just hijack an unsecured server, most likely chilling somewhere in China, and start generating as much as you want. All you need is a port scanner like Shodan, Nmap, or any pentest tool of your choice. You can automate the whole thing, too, scrap the servers, and call it a day.
A random Chinese server I got into. These exposed servers often come preloaded with a combo of realistic models, and some run Flux or SD3. It had no outputs, so I made them some!
Out of the box, ComfyUI is not really secure when set up on remote servers. It has no authentication out of the box, mostly because it was designed to run locally. But if you’re not running it inside a Docker container or using something like the ComfyUI Login plugin when on the cloud, your server is an open bar. If you’re running it on Google Cloud or Azure without any guardrails, you’re just as exposed.
Leaks are now so widespread that someone decided to make a public list of unsecured ComfyUI servers. Go and click through, and fire up these remote ComfyUI instances. See for yourself what happens if you’re not prudent with your remote configurations.
Public list of compromised ComfyUI remote instances
Most of these servers are loaded with models, tools, and nodes – some even run on A6000s or Tesla cards (costly white-label Nvidia). Interestingly, what I found is that a lot of these servers are just idle, doing absolutely nothing.
Now, just so we’re clear: messing with these servers is illegal (in most countries). But the takeaway here is that if you’re not running your AI setup on your GPU and instead rely on the cloud, secure your damn instance. Check your logs once in a while too. Otherwise, someone else will take advantage of the server, at best making it a machine that produces “fanart” with a large amount of Danbooru tags (the kind that were recently banned on Civitai), at worst taking over all your data.
I found this funny message from one of the “kinda lonely ngl” user, who graciously patched one of the compromised servers, although he didn’t do anything with login. Good job, pinkscales!
I run ComfyUI locally, am I cooked, too?
Nope! Local ComfyUI (or Automatic1111, or anything similar) doesn’t expose itself to the internet unless you explicitly make it do so. You’re safe-ish. But you still need to be mindful of where you’re getting your models and extensions. Discord servers aren’t the best place to download anything you will be running on your machine.
Stick with CivitAI and Hugging Face for models, and download only models in .safetensors format. It was specifically designed to be secure, as it does not allow of execution of arbitrary code. No malicious code injection – only honest waifus. Also avoid downloading directly custom workflows for ComfyUI, especially from Chinese servers. It’s better to reproduce them by yourself as they might contain unsafe nodes. You will learn some things too this way.
Want to read more? I wrote a whole chapter on ComfyUI in my Stable Diffusion book. It’s a pretty cool read, and I highly recommend it to anyone using SD or people interested in starting with AI image generation.
