• cubism_pitta@lemmy.world
      15 days ago

      Yes, my home network setup is a bit complicated, but I am using pfSense, so I have things on separate VLANs with internal firewall rules to reduce risks.

      All traffic in on port 443 is routed from Cloudflare to an Nginx reverse proxy, which decides how to connect back into my network for things.

      Years ago I would just run a server on the network with 443, 80 and 22 exposed directly to the world and never had any major issues. (Other than the normal automated attacks trying to gain shell access over SSH)

      • BeardedGingerWonder@feddit.uk
        15 days ago

        Gotcha, VLAN setup sounds like the best possible way to do it. I don’t trust my security skills at all; 22 with fail2ban is about as far as I trust myself!

        The hammering 22 gets is astonishing though.

        • cubism_pitta@lemmy.world
          15 days ago

          Most of these things are pretty secure out of the box.

          Even without fail2ban, disabling root login and only allowing SSH key authentication makes those scripts just a waste of time for the attacker. That game is a low-effort attempt to just get the low-hanging fruit for botnets though.
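
An added example, not part of the thread: a small check that an `sshd_config` really ends up with root login disabled and key-only authentication, as the last comment describes. It assumes current OpenSSH defaults, ignores `Include` files, and runs on constructed sample configs; the function and sample names are hypothetical.

```python
import re

# OpenSSH defaults for the keywords checked (assumption: a current OpenSSH release).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Value each keyword must have for "no root login, keys only".
WANTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Global effective values. sshd keeps the FIRST value it reads per keyword."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            has_match = True  # lines below are conditional overrides
            break
        if key in DEFAULTS and len(parts) == 2:
            seen.setdefault(key, parts[1].strip('" ').lower())
    return {**DEFAULTS, **seen}, has_match

def audit(config_text):
    """Return the keywords whose effective value differs from WANTED."""
    settings, has_match = effective_settings(config_text)
    findings = [k for k, v in WANTED.items() if settings[k] != v]
    if has_match:
        findings.append("match-block-needs-manual-review")
    return findings

# Constructed samples, not taken from anyone's real server.
SAMPLE_WEAK = """PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # has no effect: the earlier line wins
"""
SAMPLE_HARDENED = """PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
"""
```

On a live host, `sshd -T` prints the effective configuration that the daemon itself computes, which is the authoritative check.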