Inspiration
It started with a quiet observation: I noticed how easy it was to spin up a model server, and just how easy it was to forget it was running. A quick search on Shodan tells me about 14000 Ollama servers on the public internet are wide open - no authentication, no rate limiting, and often running full LLMs. What if they didn’t know their models are exposed? Of course they don't. But a lot could go wrong! Maybe they don't know.
And I felt like building this to tell them exactly that - raise awareness, respectfully disclose, and educate developers. But mostly for bragging rights.
What it does
LLaMa Leaks is a public awareness dashboard that highlights unauthenticated, public-facing Ollama servers found via Shodan, FOFA and Censys.
- Shows randomized server metadata, and running LLMs, versions and vulnerabilities.
- “Random” button to explore what's publicly reachable
- Fake “Delete Model” and “Add Malicious Model” buttons to illustrate risks
- No prompts, no probing - only passive validation and education
It's a silent alarm for people who forgot their LLaMA is still on.
How I built it
- Frontend: Built in Bolt, using React + Vite + TailwindCSS
- Backend: Python-based scanner that asks for Ollama servers from these internet-wide scanners, checks /api/ps, and redacts IPs
- Storage: Raw IP data is stored securely in a private Supabase bucket
- Automation: GitHub Actions run every 6 hours, scanning servers for running models, and pushing redacted JSON to GitHub
- Hosting: Static frontend served via Netlify
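An added example, not the project's own code: one way the "redacts IPs" step could work before redacted JSON is pushed to GitHub, using an allow-list of /api/ps fields, a masked network prefix, and a keyed pseudonym per host. The prefix lengths, field list, key name and sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: secret kept out of the repo
# Allow-list of /api/ps fields to publish; everything else is dropped.
MODEL_FIELDS = ("name", "size")
DETAIL_FIELDS = ("family", "parameter_size", "quantization_level")


def mask_ip(raw):
    """Keep only the network prefix: /16 for IPv4, /32 for IPv6."""
    prefix = 16 if ipaddress.ip_address(raw).version == 4 else 32
    net = ipaddress.ip_network(f"{raw}/{prefix}", strict=False)
    return f"{net.network_address}/{prefix}"


def pseudonym(raw):
    """Stable ID per host. Keyed HMAC, because an unkeyed hash of an IPv4
    address can be reversed by hashing all 2**32 candidates."""
    canonical = str(ipaddress.ip_address(raw)).encode()
    return hmac.new(PSEUDONYM_KEY, canonical, hashlib.sha256).hexdigest()[:12]


def redact_record(raw_ip, ps_body):
    """Build the publishable record from a raw IP and its /api/ps JSON body."""
    models = []
    for m in ps_body.get("models", []):
        entry = {k: m[k] for k in MODEL_FIELDS if k in m}
        details = m.get("details", {})
        entry.update({k: details[k] for k in DETAIL_FIELDS if k in details})
        models.append(entry)
    return {"id": pseudonym(raw_ip), "network": mask_ip(raw_ip), "models": models}


def publish(raw_records):
    """Serialize redacted records; fail closed if a raw IP survives."""
    out = json.dumps([redact_record(ip, body) for ip, body in raw_records], indent=2)
    for ip, _ in raw_records:
        if ip in out:
            raise ValueError("raw IP present in redacted output")
    return out


# Constructed sample: documentation-range address, /api/ps-shaped body.
SAMPLE = [("203.0.113.57", {"models": [{"name": "llama3:8b", "size": 6654289920,
    "digest": "constructed", "details": {"family": "llama", "parameter_size": "8.0B",
    "quantization_level": "Q4_0"}}]})]
```

Calling publish(SAMPLE) returns the JSON that would be committed; the raw address stays in private storage only.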
Challenges I ran into
- How to show a security issue without becoming one? Designing for awareness meant thinking carefully about ethics, masking, and what not to show.
- Keeping raw data out of GitHub: I used Supabase + GitHub Actions to securely fetch private input without ever committing it.
- Rate-limiting without a backend: The frontend rate limit is entirely client-side - smart enough for MVP, private enough for safety.
- Unwanted Netlify deploys: Backend-only commits were triggering frontend redeploys. I fixed this with [skip netlify] in git commit messages.
Accomplishments that we're proud of
- Launched a fully ethical, passive AI security tool - zero risk to exposed systems
- Built a GitHub-to-Netlify data pipeline with no backend infra cost
- Designed an experience that is as educational as it is alarming
- Showcased a real-world problem with a snappy visual interface (thanks Bolt!)
What we learned
- How to build secure, read-only tooling for sensitive data
- How to use Supabase, GitHub Actions, and Netlify together for a JAM stack data pipeline
- That AI infrastructure often lacks basic protection - and we can help fix that, without crossing any ethical lines
What's next for Ollama Wall - FREE AI Endpoints
- Add a leaderboard of vulnerable Ollama versions
- Add Sentry logging + honeypot traps to catch scrapers
- Integrate WHOIS + abuse contact lookup for faster disclosures
- Publish a public API for redacted, rate-limited access
- Launch a “Fix your LLaMA” campaign to help developers secure their endpoints
Built With
- censys
- fofa
- github-actions
- javascript
- localstorage-based-rate-limiting
- mapbox
- mapbox-(optional-map)
- netlify
- python
- react
- shodan
- supabase
- supabase-cloud-services:-supabase-(storage)
- supabase-python-sdk-other:-github-cron-jobs
- tailwindcss
- tailwindcss-(lovable)-platforms-&-hosting:-vercel
- vercel-(frontend-+-ci)-apis:-fofa-(passive-data)