Not sure why you’re downvote, you’re absolutely right. People scan for open ports all day long and will eventually find your shit and try to break in. In my work environment, I see thousands of login attempts daily on brand new accounts, just because something discovered they exist and want to check it out.
Comment on ELI5: How to put several servers on one external IP?
somewa@suppo.fi 9 months agoRemember that with services facing public internet it’s not about if you get hacked but when you get hacked. It’s personal photos on someone elses hands then.
thermal_shock@lemmy.world 9 months ago
somewa@suppo.fi 9 months ago
Those who have not been burned yet often don’t expect it to happen to them. Usually it isn’t anything big causing it but some typo in a config or software not updated on time.
Allero@lemmy.today 9 months ago
I do remember that and take quite a few precautions. Also, nothing that can be serioisly used against me is in there.
hietsu@sopuli.xyz 9 months ago
I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
Allero@lemmy.today 9 months ago
Pretty solid! Though insta-ban on everything :80/443 may backfire - too easy to just enter the domain name without subdomain by accident.
hietsu@sopuli.xyz 9 months ago
Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.