Hi, recently (ironically, right after sharing some of my posts here on Lemmy) I had a higher (than usual, not high in general) number of “attacks” to my website (I am talking about dumb bots, vulnerability scanners and similar stuff). While all of these are not really critical for my site (which is static and minimal), I decided to take some time and implement some generic measures using (mostly) Crowdsec (fail2ban alternative?) and I made a post about that to help someone who might be in a similar situation.

The whole thing is basic, in the sense that is just a way to reduce noise and filter out the simplest attacks, which is what I argue most of people hosting websites should be mostly concerned with.

  • schizo@forum.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 months ago

    As a side note, don’t be cute and pick port 221 or 2222 or 22022 or whatever that’s got “22” in it.

    I know that sounds silly but the slightly less stupid bots are written by people who understand people do things like that and account for them, and thus port 2222 isn’t actually better than 22, or whatever.

    • kitnaht@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      5 months ago

      imho - never expose that shit anyways, and VPN into your local network first. Only thing I ever expose to the internet is 80/443.

      At the very least, if you’re going to expose an SSH session to the internet, set up some sort of port-knocking. It’s security by obscurity, sure - but it will keep all but the most ardent intruders out.

      • schizo@forum.uncomfortable.business
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        Agreed, but sometimes you have to expose things you’d rather not; I just figured I’d mention that almost everyone’s immediate urge to just go ‘port 2222! that’ll do it!’ isn’t exactly better than doing nothing anymore.