ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 2 days agoWhat steps do you take to secure your server and your selfhosted services?message-squaremessage-square42fedilinkarrow-up10arrow-down10file-text
arrow-up10arrow-down1message-squareWhat steps do you take to secure your server and your selfhosted services?ocean@lemmy.selfhostcat.com to Selfhosted@lemmy.worldEnglish · 2 days agomessage-square42fedilinkfile-text
Inspired by this comment to try to learn what I’m missing. Cloudflare proxy Reverse Proxy Fail2ban Docker containers on their own networks
minus-squareInvertedParallax@lemm.eelinkfedilinkEnglisharrow-up0·2 days agoThere are ip lists that let you iptables drop all traffic from China and Russia. Strongly recommend.
minus-squareocean@lemmy.selfhostcat.comOPlinkfedilinkEnglisharrow-up0·2 days agoI was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese… Good advice outside of this use case! :)
minus-squareInvertedParallax@lemm.eelinkfedilinkEnglisharrow-up0·2 days agoYeah, there were other countries to ban, but those 2 cut my attacks down 90%. Also consider a honeypot that triggers when anyone tries to ssh it at all.
There are ip lists that let you iptables drop all traffic from China and Russia.
Strongly recommend.
I was auto banning all countries but my own but now I’m hosting one resource that has an audience including Chinese…
Good advice outside of this use case! :)
Yeah, there were other countries to ban, but those 2 cut my attacks down 90%.
Also consider a honeypot that triggers when anyone tries to ssh it at all.