Comment on Do bots/scrapers check uncommon ports?
A_norny_mousse@feddit.org 1 day ago
There are a few very simple things that don’t improve security per se but help break the onslaught. One of them would be to not use standard ports for ssh etc. Another could be to use non-standard usernames (not “admin”). Or rename URLs from the standard “admin.php” or “/contact” to something else.
confusedpuppy@lemmy.dbzer0.com 11 hours ago
I use a different port for SSH, I also use authorized keys. My SSHD is set up to only accept keys with no passwords and no keyboard input. Also when I run nmap on my server, the SSH port does not show up. I’ve never been too sure how hidden the SSH port is beyond the nmap scan but just assumed it would be discovered somehow if someone was determined enough.
In the past month I did rename my devices and account names to things less obvious. I also took the suggestion from someone in this community and set up my TLS to use wildcard domain certs. That way my subdomains aren’t being advertised on the public list used by Certificate Authorities. I simply don’t use the base domain name anymore.
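Added example, not code from any poster in this thread: a small Python check that reads the effective configuration printed by `sshd -T` and reports where it differs from the key-only setup described in the comment above (public keys on, passwords and keyboard-interactive input off, a port other than 22). The sample output, including the port number, is constructed, and the alias for older OpenSSH releases is an assumption about the installed version.

```python
# Added example: audit `sshd -T` output against a key-only SSH setup.
SAMPLE_SSHD_T = """\
port 22022
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication yes
permitrootlogin no
"""  # constructed sample, not output from anyone's real server

# keyword -> value a key-only setup requires
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
}
# assumption: older OpenSSH releases report the same switch under this name
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(text):
    """Parse `sshd -T` style lines ("keyword value") into {keyword: [values]}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # skip blanks, comments and bare keywords
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        settings.setdefault(key, []).append(parts[1].strip().lower())
    return settings


def audit(text):
    """Return a list of findings; an empty list means the setup matches."""
    settings = effective_settings(text)
    findings = []
    for key, wanted in REQUIRED.items():
        values = settings.get(key)
        if values is None:
            findings.append(f"{key}: not reported, check manually")
        elif any(value != wanted for value in values):
            findings.append(f"{key} is {values[-1]}, expected {wanted}")
    # a missing port line is treated as the default, 22
    if "22" in settings.get("port", ["22"]):
        findings.append("port 22 in use (noise reduction only, not a security control)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_T) or ["matches the key-only setup"]:
        print(finding)
```

On a real host the input would be the output of `sshd -T` run as root. A default nmap run probes only its 1,000 most common ports per protocol, so a full-range scan (`-p-`) of your own host is the way to confirm what is actually reachable.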
A_norny_mousse@feddit.org 10 hours ago
SSH keys are absolutely essential, but those are actual security as opposed to what I wrote above. I should’ve made that clearer.
I don’t see how that improves security. Surely an SSH key with an additional passphrase is more secure than one without.
confusedpuppy@lemmy.dbzer0.com 10 hours ago
I agree with the last point, I only mentioned that because I don’t really know what other setting in my SSHD config is hiding my SSH port from nmap scans. That just happened to be the last change I remember doing before running an nmap scan again and finding my SSH port no longer showed up.
Accessing SSH still works as expected with my keys and for my use case, I don’t believe I need an additional passphrase. Self-hosting is just a hobby for me and I am very intentional with what I place on my web facing server.
I want to be secure enough but I’m also very willing to unplug and walk away if I happen to catch unwanted attention.
A_norny_mousse@feddit.org 10 hours ago
Sounds like a healthy attitude towards online security.
I’m doing my first ever nmap scan right now, thanks for the inspiration. It’s taking a long time - either my ISP does not like what I’m doing there or I’m being too thorough - but it looks like it does not see my SSH port either.