Securing servers - Page 3

Securing servers


Comments

  • FatGrizzly Member, Host Rep

    @vitobotta said:
    I just stopped exposing SSH to the Internet, and am now using a Cloudflare tunnel to SSH into the servers, still with OTP codes required. This was super easy to configure.

    I can confirm CF ZT is very cool. I expose no ports, everything goes via a Cloudflare tunnel.

    You can use multiple authentication systems with CF ZT. Pog stuff.

  • One more change I have just made regarding Cloudflare: I have restricted all traffic to ports 80 and 443 so that only requests coming from Cloudflare come through. This should cut the noise quite a bit.

  • @vitobotta said:

    Is the fix possible to use with WireGuard installed by Nyr's script, or can they mess up the firewall when used together?

    Isn't there any fix in Docker itself?

    Thanks for sharing your setups! I have a lot to learn.

  • trycatchthis Member
    edited January 2023

    I whitelist the IP addresses allowed to SSH into the server.

    I use ipset and deny all IP addresses, then allow a couple of dynamic IP addresses and other trusted IP addresses to SSH.

    Also set up login notifications.

    I can't imagine doing all of that just to log in to a server.

  • The most secure way is to unplug the internet connection to the server 🥱
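
The source-allowlist approach mentioned in the comments above (the ipset allowlist for SSH, and limiting ports 80 and 443 to Cloudflare's ranges), as an added example that is not from any poster in this thread: it prints the `ipset restore` input and the iptables rules instead of applying them. The set names and addresses (documentation ranges) are constructed; real Cloudflare ranges would come from Cloudflare's published list.

```shell
#!/bin/sh
# Added example: print (not apply) an ipset + iptables source allowlist.
# Set names and addresses are constructed; 192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges standing in for admin or CDN addresses.

# is_ipv4_cidr ADDR: succeed only for a.b.c.d or a.b.c.d/prefix in range.
is_ipv4_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# emit_ipset_restore SET CIDR...: print `ipset restore` input that fills a
# temporary set and swaps it in, so the live set is never empty mid-update
# (useful when a dynamic address changes and the list is rebuilt).
emit_ipset_restore() {
    set_name=$1; shift
    for cidr in "$@"; do
        is_ipv4_cidr "$cidr" || { echo "bad entry: $cidr" >&2; return 1; }
    done
    echo "create $set_name -exist hash:net family inet"
    echo "create ${set_name}_new -exist hash:net family inet"
    echo "flush ${set_name}_new"
    for cidr in "$@"; do echo "add ${set_name}_new $cidr"; done
    echo "swap ${set_name}_new $set_name"
    echo "destroy ${set_name}_new"
}

# emit_iptables_rules SET PORTS: accept sources in SET on PORTS (22 or
# 80,443), then drop all other traffic to those ports.
emit_iptables_rules() {
    echo "iptables -A INPUT -p tcp -m multiport --dports $2 -m set --match-set $1 src -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m multiport --dports $2 -j DROP"
}

# Constructed usage: an SSH allowlist and a web allowlist.
emit_ipset_restore ssh_allow 192.0.2.10 198.51.100.0/24
emit_iptables_rules ssh_allow 22
emit_ipset_restore web_allow 192.0.2.0/24
emit_iptables_rules web_allow 80,443
```

Pipe the `emit_ipset_restore` output into `ipset restore` and re-run it whenever an allowed address changes; the iptables rules are added once and keep matching the same set name after each swap.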
