Hi, recently (ironically, right after sharing some of my posts here on Lemmy) I had a higher (than usual, not high in general) number of “attacks” to my website (I am talking about dumb bots, vulnerability scanners and similar stuff). While all of these are not really critical for my site (which is static and minimal), I decided to take some time and implement some generic measures using (mostly) Crowdsec (fail2ban alternative?) and I made a post about that to help someone who might be in a similar situation.

The whole thing is basic, in the sense that is just a way to reduce noise and filter out the simplest attacks, which is what I argue most of people hosting websites should be mostly concerned with.

  • LostXOR@fedia.io
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    3 months ago

    Yeah, I just left my SSH port as 22 since I only use key-based authentication so there’s really no security risk. Plus, it’s funny going through the logs and looking at all the login attempts.

    • loudwhisper@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      Yep I agree. Especially looking at all the usernames that are tried. I do the same and the only risk come from SSH vulnerabilities. Since nobody would burn a 0-day for SSH (priceless) on my server, unattended upgrades solve this problem too for the most part.

        • loudwhisper@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Yeah I know (I mentioned it myself in the post), but realistically there is no much you can do besides upgrading. Unattended upgrades kick in once a day and you will install the security patches ASAP. There are also virtual patches (crowdsec has a virtual patch for that CVE), but they might not be very effective.

          I argue that VPN software is a smaller attack surface, but the problem still exists (CVEs) for everything you expose.