ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 2 days agoWhat steps do you take to secure your server and your selfhosted services?message-squaremessage-square42fedilinkarrow-up10arrow-down10file-text
arrow-up10arrow-down1message-squareWhat steps do you take to secure your server and your selfhosted services?ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 2 days agomessage-square42fedilinkfile-text
Inspired by this comment to try to learn what I’m missing. Cloudflare proxy Reverse Proxy Fail2ban Docker containers on their own networks
minus-squareInvertedParallax@lemm.eelinkfedilinkEnglisharrow-up0·2 days agoThere are ip lists that let you iptables drop all traffic from China and Russia. Strongly recommend.
minus-squareocean@lemmy.selfhostcat.comOPlinkfedilinkEnglisharrow-up0·2 days agoI was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese… Good advice outside of this use case! :)
minus-squareInvertedParallax@lemm.eelinkfedilinkEnglisharrow-up0·2 days agoYeah, there were other countries to ban, but those 2 cut my attacks down 90%. Also consider a honeypot that triggers when anyone tries to ssh it at all.
This and fail2ban
Anything else?
There are ip lists that let you iptables drop all traffic from China and Russia.
Strongly recommend.
I was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese…
Good advice outside of this use case! :)
Yeah, there were other countries to ban, but those 2 cut my attacks down 90%.
Also consider a honeypot that triggers when anyone tries to ssh it at all.