What steps do you take to secure your server and your selfhosted services?
ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.world · English · 23 days ago
Inspired by this comment to try to learn what I’m missing.

- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks

InvertedParallax@lemm.ee · 23 days ago
There are ip lists that let you iptables drop all traffic from China and Russia. Strongly recommend.

ocean@lemmy.selfhostcat.com (OP) · 23 days ago
I was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese… Good advice outside of this use case! :)

InvertedParallax@lemm.ee · 23 days ago
Yeah, there were other countries to ban, but those 2 cut my attacks down 90%. Also consider a honeypot that triggers when anyone tries to ssh it at all.

Lka1988@lemmy.dbzer0.com · 21 days ago (edited)
My UDM has this capability. I’ve blocked quite a few countries that it logged as trying to get into my network. Great little internet cylinder.

InvertedParallax@lemm.ee · 21 days ago
Have the rack mounted one, I usually roll my own router but I’m glad to have someone else making sure I don’t do anything stupid for security. It’s not perfect, but it’s peace of mind.

This and fail2ban
Anything else?
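
The country blocklist suggestion in the thread, combined with OP's need to keep one service reachable from those ranges, as an added example that is not part of the thread or any participant's setup: it turns a CIDR list into `ipset restore` input and the matching iptables rules. The set name `geoblock`, the chain name `GEOBLOCK`, port 443 and the sample ranges are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample standing in for a downloaded per-country CIDR list.
SAMPLE_LIST = """\
# constructed sample (documentation ranges), not real country data
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
not-a-cidr
"""

def parse_cidrs(text):
    """Parse one CIDR per line; skip comments and junk; merge overlaps."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # malformed entry: skip it instead of aborting the load
        if net.version == 4:  # IPv6 would need a second set (family inet6)
            nets.append(net)
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(nets, name="geoblock"):
    """Text for `ipset restore`: fill a temp set, then swap it in atomically."""
    tmp = name + "-new"
    lines = [f"create {name} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

def iptables_rules(name="geoblock", open_tcp_ports=(443,)):
    """Listed sources reach only open_tcp_ports; all their other traffic drops."""
    rules = ["iptables -N GEOBLOCK"]
    # RETURN hands the packet back to INPUT, so later rules still apply to it.
    rules += [f"iptables -A GEOBLOCK -p tcp --dport {p} -j RETURN"
              for p in open_tcp_ports]
    rules += ["iptables -A GEOBLOCK -j DROP",
              f"iptables -I INPUT -m set --match-set {name} src -j GEOBLOCK"]
    return rules

if __name__ == "__main__":
    print(ipset_restore(parse_cidrs(SAMPLE_LIST)), end="")
    print("\n".join(iptables_rules()))
```

Feed the first part to `ipset -exist restore` so a refresh does not fail on the already existing set, and run the iptables lines once. Because the refresh swaps sets, the firewall rule never sees a half-loaded list.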