Comment on Need help ensuring my public mediawiki is safe before launch
saint@group.lt 8 months agosorry, this is kinda like a firewall, but protecting websites, so many vulnerabilities are filtered out. it does not protect you 100% percent (nothing does). it might be hard to setup, in that case there is an option to use waf as a service, i.e. - cloudflare has such offering, maybe there are others as well. i have looked into vultr - they seem to offer only a “usual” type of firewall, not http/application based.
xnx@lemm.ee 8 months ago
Ah ok thanks for the info! Do you know if vultrs firewall would make installing fail2ban redundant?
saint@group.lt 8 months ago
if you configure ssh access only from your home ip - then fail2ban is not needed.
xnx@lemm.ee 8 months ago
Oh perfect thanks
Haui@discuss.tchncs.de 8 months ago
But if your home ip ever changes, you‘re fucked. I would never do that. Pubkey is the way.
SheeEttin@lemmy.world 8 months ago
Method of authentication doesn’t matter if there’s a pre-authentication vulnerability: thehackernews.com/…/openssh-releases-patch-for-ne…
Instead of exposing multiple services, I would recommend just one VPN for remote access. Less attack surface.
saint@group.lt 8 months ago
usually i add more than 1 ip and also vultr firewall can be managed to change ip. tailscale can be used as well. there are options!