Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@FrodoSwaggins I sure will do this when I get home don't want to wake up on a hacked server :/
But doesn't those failed attempts effect server? I mean doesn't it use it's resources even for fraction of a second? -
mbj0471307yDitto to above you want to see some logs I have miles of them. What I find interesting is 70% resolved addresses in those belong to China and Korea.
-
@Root port nockig as in scanning which open ports target has?
Everyone else, what do you think about this attached image?
#1 is ufw and #2 is fstab
(Image in next comment)
Link:https://thefanclub.co.za/how-to/...
Are they recommended or do I look for something else?
@FrodoSwaggins @Artemix @exelix @ewpratten @mbj047 -
Root797707y@gitpush Port knocking as in: you make a request to the server at port 98765, and the server opens sshd on port 3456.
You do a secret knock, the server opens a hidden door. That way, the door isn't always visible. (Still requires keys as usual, ofc.) -
@gitpush I believe all the steps will work. Make sure to change SSH port! That's the first thing you should do.
-
@Root thanks I'll read more about it 😀😀
@uziiuzair thanks man I'll also start checking them, hope I don't get stuck somewhere 😅 -
@Root thank you, port knocking up and running. Learning something new everyday day 😀
-
julianmd5057yCommenting because I'm such a noob at this and want to learn more. Looking forward to new comments and suggestions for system security tightening.
-
@julianmd start by applying what's in my comment where image is attached, the one before it has the website link, for now I do fail2ban, and port knocking,this weekend will continue for the rest
-
julianmd5057y@gitpush I'm making a security to-do list and checking it twice, I'll be always checking which port has been naughty or nice - LET'S ENCRYPT IS COMIIIIING TO HOST!
-
@julianmd oh I set it up with nginx it is so damn amazing, I used their docker for easy configuration it is just few commands and all is set up.
Can you share your security list if it's ok with you? -
julianmd5057y@gitpush Sure thing, bro!
• 4096-bit private/public keys for auth through SSH (I still need to disable root SSH and change the default port)
• Password protect all the tools I use using their built-in password auth scheme
• Future Let's Encrypt once I buy a real domain (I'm using a free one that my ISP offers, but I can't get Let's Encrypt to deploy on that for some reason)
• Basic ufw rules and iptables fail2ban-like config
• Future fail2ban deployment
That's about it, I'm still learning a lot about different ways to secure the server and trying to pick the best for me. I only use my server for file storage/backups, sometimes VPN when Mom needs to use some apps on it, Plex and as an overall learning tool. It's just my old PC with Ubuntu server on it, nothing fancy. Core 2 Duo @ 1.86 GHz and 6 GB of RAM. -
julianmd5057yCheers. On the train right now, going to visit the folks before starting work on Monday. ðŸ»
Related Rants
For fucks sack I just created my server and fail2ban already blocked 6 IP addresses dafuq is going on on the internet 😓
rant
fail2ban
security?
internet
web