endlessh
-
Why so many bots?
You can reduce the noise a lot by moving ssh to a non-standard port. Security through obscurity isn't actually security, but it will reduce the number of attempts you receive. Another thing I like to do is put Endlessh on the standard port 22. That way as bots go by they will get stuck or at least slow down on that connection.
-
Is SSH secure enough?
SSH tarpit with Endlessh and for the hidden SSH: auth with both a key file (that needs unlocking and is on the computer) AND a One Time Password on my phone.
-
"Failed password for root" SSH login hacking attempt?
If you change the ssh port, install https://github.com/skeeto/endlessh to slow down the attackers
-
ChatGPT doxes itself
Even this requires you to successfully guess the username and password correctly, and if it's just not the default most people won't bother brute forcing further. Sidenote: you can use endlessh on a computer and port forward port 22 to trap scanners that scan the entire internet for open ssh ports to exploit.
-
Ssh brute force attack with fail2ban.
The fun way is moving your ssh port somewhere else and installing endlessh to f the bots.
-
Security for your Homeserver
Such as endlessh
-
Keep it tight everyone! This is a day of sshd logs from a proxy server in China pinging my SSH server and trying every username imaginable. Does anyone have any tips to increase security?
But, as a prank to Chinese hackers, what I did on my system was to run endless ssh. It keeps the ssh client busy as it slowly sends the ssh banner. I modified the code to send strings like:
-
VPN to remotely access dockerized services
For hardening: I use lynis for some guidance, the VPS runs rkhunter, AIDE and other things nightly and mails me the reports, fail2ban manages the SSH port, having SSH on a custom port helps to keep things quiet. If you're into these kinds of things, have a look at the Endlessh tarpit to learn about login attempts on port 22 on your machine - I found it eye-opening.
- Any app out there to trap port scanners?
- My server is being used for brute-force attacks, what can I do?
mistborn
-
Mistborn Selfhosted
Guys, does anyone have experience with Mistborn?
-
I want to run Nextcloud on my server running Jellyfin
There is a github project that rolls a Nextcloud instance and Jellyfin together in a docker install. It also rolls a bunch more stuff as well. https://gitlab.com/cyber5k/mistborn
-
Cannot get WireGuard and Pi-hole working for the life of me
try mistborn: https://gitlab.com/cyber5k/mistborn
-
vault warden behind vpn
https://gitlab.com/cyber5k/mistborn has wireguard and vaultwarden built-in
-
Firewall settings, any advice for my setup?
So there is one other option you can run with - mistborn. Now, fair warning - if you want to run this on a pi....flash at least 100GB of storage space on a microssd and then for the OS I recommend a Ubuntu flavor of your choice. Ideally the latest one he has listed as successful on his table of distros that he successfully installed it on.
-
Ask HN: Share your new devbox setup process My own setup is included here
I find the fundamental problem with this sort of server setup script/config management is that they inevitably get quite personal. Nobody really wants to use another dev's and when you try to allow for a lot of customisation they tend to get byzantine and complex.
That said I still think it's worth sharing. If nothing else we can all usually cherry pick nice ideas from each other.
I had an entirely private set of Ansible roles I'd cobbled together that I started to put in a more shareable state a couple of years ago. It has little overlap with what you're putting together, but I do think you might find the way it separates personal Ansible config and the main project roles into separate directories (and thus different git repos) useful.
I really need to dust off my project and get it to a releasable state this year [momod](https://github.com/adrinux/momod).
I assume you've come across the many similar projects like [Sovereign](https://github.com/sovereign/sovereign), [Mistborn](https://gitlab.com/cyber5k/mistborn)
-
Wireguard Multihop VPN wg0 > wg1
https://gitlab.com/cyber5k/mistborn on my endpoint but route my traffic thru another WG server first thus creating a multihop VPN in the interests of security
-
Folks, it's happening. The day I dreaded might be here soon.
I've been using selfhosted Nextcloud with OnlyOffice for years. I've yet to encounter something it can't handle. In fact I opened up my setup at the beginning of the pandemic so others could host their own: https://gitlab.com/cyber5k/mistborn
- minecraft server
- What’s some self hosted applications you can’t live without?
What are some alternatives?
opencanary - Modular and decentralised honeypot
tailscale - The easiest, most secure way to use WireGuard and 2FA.
sshesame - An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity
wirehole - WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
porn-vault - 💋 Manage your ever-growing porn collection. Using Vue & GraphQL
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
selfhosted-apps-docker - Guide by Example
minerstat-os - msOS - Open Source Mining OS. Repository moved, no longer using github
rustdesk - An open-source remote desktop, and alternative to TeamViewer.
geoip-blocking-w-firewalld - Block unwanted countries IPv4 & IPv6 ranges with firewalld using ipdeny.com
Open and cheap DIY IP-KVM based on Raspberry Pi - Open and inexpensive DIY IP-KVM based on Raspberry Pi