Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Mate if you want me to have a go I will but I likely won't have time till end of next week 😊 I do have some experience though.... Not some scripty
-
I'm with @FitzSuperUser. Could do some testing during the weekend if you'd like? Not a skiddie by the way :)
-
The1nk1528yYou know ... sure. I'll post it publicly for people to take a stab at in their spare time. Haha. Its not "tightened up", or meant to be a challenge - it's me starting a personal site for growth and networking, and trying to get help to tighten it up.
Http://staystachey.com thanks guys. Be gentle. 😂😂 -
The1nk1528y@The1nk er, please don't destroy my content. I actually ... don't have a backup yet. Haha
-
Jifuna37308yI just tried some things but I only found one thing: so far I know password mode is still enabled on your ssh service. So maybe turn that off. I also noticed I got blocked after some time so I quess you have fail2ban installed.
-
The1nk1528y@Jifuna SSH still prompts for a password, but I only have one account (non-root) and it's secured by a key - it has no password. Root doesn't have a password, well, it likely does but not one that I know. Not sure why it still *tries* to get a password, is there a setting for that?
-
The1nk1528y@JammehCow @Xenotoad Yeah, that's on my to-do list -- using LetsEncrypt to get a SSL/TLS going. Thanks for the advice!
-
The1nk1528y@JoshuaaM Definitely. After I posted that "I don't have a backup" message, I grabbed my phone and made a backup. Haha. Thanks for the advice!
-
Jifuna37308yOkay, thats good! Yes there is a setting for that, set passwordAuthentication to no in /etc/ssh/sshd_config
Is there a service, or forum, where you can ask people to try to break into your software for free?
Stupid as that is, I kind of want a beginner security guy to pen test my server. Eventually I'll shell out cash for a real review, but I'd like a lite one now. 😔
undefined