Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • LordCrom@lemmy.world
    10·
    18 hours ago

    If it’s public facing, how about dont turn on ssh to the public, open it to select ips or ranges. Use a non standard port, use a cert or even a radius with TOTP like privacyIdea. How about a port knocker to open the non standard port as well. Autoban to lock out source ips.

    That’s just off the top of my head.

    There’s a lot you can do to harden a host.

    • Faresh@lemmy.mlEnglish
      1·
      37 minutes ago

      dont turn on ssh to the public, open it to select ips or ranges

      What if you don’t have a static IP, do you ask your ISP in what range their public addresses fall?