Comments

• czed Member

  December 2025

  @Turbo_Pascal said:
  This is why I only use shared hosting. So much less crap to worry about.

  The real fun begins when you break your VPS at 3 in the morning, though.

  Thanked by 1COLBYLICIOUS
• farsighter Member

  December 2025

  Import my own bashrc.
• ralf Member

  December 2025

  /etc/init.d/networking stop

  Everything feels a bit safe that way...

  Thanked by 1sillycat
• jenkki Member

  December 2025

  фзе-пуе гзвфеу

  фзе-пуе гзпкфву
• fazar Member

  December 2025

  dpkg-reconfigure tzdata
• Saahib Host Rep, Veteran

  December 2025

  tbh, first I login and see if I have been delivered what it was promised.
• MikeA Member, Patron Provider

  December 2025

  #passwd
  pass123
  
• WebProject Veteran, 🚩 Host Rep Tag Suspended

  December 2025

  @barbaros said:
  change ssh password to test

  After changing password don’t need to remember and disable all services so it will be reason to contact support regarding the VPS is not functioning properly.
• Fourplex Member, Host Rep

  December 2025

  @czed said:
  The real fun begins when you break your VPS at 3 in the morning, though.

  If you run a VPS host, I had downtime at 10:30 PM. I normally sleep by 10 AM, but that day was fortunately awake until 12 AM. I had to take a nap in the morning to catch up.

  The good part was it was just a bad Ethernet cable. I really thought the NIC died.
• default Veteran

  December 2025

  If you uninstall every package, including SSH, will that be proper idling?

  Thanked by 1WebProject
• nikio Member

  December 2025

  I get that YABS is a bit of a meme but do people actually run production software after running YABS without reinstalling first?

  The whole practice of curl | bash just disgusts me on a deep level.

  Sure I might run YABS myself on a new server from a new provider because I am too lazy to run a benchmark myself, but then I'll nuke the VM from orbit and reinstall with clean, known-good OS image. I wouldn't dare run it on physical hardware because that's too easy to leave a backdoor in.

  Thanked by 1jnd
• nikio Member

  December 2025

  @Turbo_Pascal said:
  This is why I only use shared hosting. So much less crap to worry about.

  Gotta be ragebait. Shared Hosting is so restrictive I gave up on it when I was 15 years old.

  Plus it bundles so much crap you don't actually need. Why would I want a "website builder" (whatever that is).
• amsaal Member

  December 2025

  @czed said:

  @tfgp99 said:
  change SSH port?
  Never miss YABS man

  I change SSH port out of habit, but its a false sense of security. It's best to limit SSH traffic to a few trusted IPs.

  Now you don't even need ssh use other method like terminal using cockpit.
• Turbo_Pascal Member

  December 2025

  @nikio said: Gotta be ragebait. Shared Hosting is so restrictive I gave up on it when I was 15 years old.

  Not trying to be funny or ironic. When I looked at the list of chores presented in this thread, it made me glad I have never tried to administer a public-facing server, or any server at all. I have better things to do.

  Thanked by 2COLBYLICIOUS FairShare
• op23 Member

  December 2025 edited December 2025

  @Turbo_Pascal said:

  @nikio said: Gotta be ragebait. Shared Hosting is so restrictive I gave up on it when I was 15 years old.

  Not trying to be funny or ironic. When I looked at the list of chores presented in this thread, it made me glad I have never tried to administer a public-facing server, or any server at all. I have better things to do.

  I don’t think a one-time setup of 4-5 things, half of which can be setup using a script is that big of a deal.

  Of course anything is a big deal if one takes it to extreme (have too many servers to take care of, constant itch to “improve” something even if it’s not that big of a deal in real life improvement, self-host every little thing under the sun, etc etc etc).
• Turbo_Pascal Member

  December 2025

  You may be right, but I feel that cybersecurity changes too fast to keep up with what needs to be done. Do I overestimate it? I've also never seen a host advertise managed security, at least not at low-end pricing.

  @op23 said: I don’t think a one-time setup of 4-5 things, half of which can be setup using a script is that big of a deal.
• op23 Member

  December 2025

  @Turbo_Pascal said:
  You may be right, but I feel that cybersecurity changes too fast to keep up with what needs to be done. Do I overestimate it? I've also never seen a host advertise managed security, at least not at low-end pricing.

  @op23 said: I don’t think a one-time setup of 4-5 things, half of which can be setup using a script is that big of a deal.

  The list of stuff mentioned here is the same I have seen 3-4 years ago. Basics never change really.

  For cybersecurity incidents it boils down to two things, how big is your attack surface e.g. how much are you managing + regular security patching (run that upgrade command for your OS/software).

  I don’t host email or serve personal data (except for storing encrypted copies of stuff online as part of a backup strategy) so a server nuke will be last of my concerns.

  Thanked by 1tentor
• nikio Member

  December 2025

  @Turbo_Pascal said:
  You may be right, but I feel that cybersecurity changes too fast to keep up with what needs to be done. Do I overestimate it? I've also never seen a host advertise managed security, at least not at low-end pricing.

  @op23 said: I don’t think a one-time setup of 4-5 things, half of which can be setup using a script is that big of a deal.

  Disabling root login and changing the SSH port is not exactly the cutting edge of cybersecurity. That has been standard practice for 20+ years.

  On the other hand, the remote code execution vulnerability in react-server applications is a new thing and is not mitigated by using shared hosting versus your own server.

  Thanked by 1tentor
• MannDude Patron Provider, Veteran

  December 2025

  Normal hardening + xanmod kernel + sysctl.conf tweak
• alivefox Member

  December 2025 edited December 2025

  @CloudHopper said:
  I run an Ansible playbook that performs the following steps:

  - name: Create xxxx user
  - name: Create xxxx  SSH directory
  - name: Copy authorized_keys file with owner and permissions
  - name: Install a list of packages
  - name: Install Auditd Rules
  - name: restart auditd service and issue daemon-reload to pick up config changes
  - name: Upgrade the OS (apt-get dist-upgrade)
  - name: Copy Fail2Ban config file with owner and permissions
  - name: Copy sshd_config fille with owner and permissions
  - name: Restart SSH service and issue daemon-reload to pick up config changes
  - name: Restart Fail2Ban service and issue daemon-reload to pick up config changes
  - name: Enable Fail2Ban service and ensure it is not masked
  - name: Allow access to port XXXX for SSH
  - name: UFW - Enable and deny by default
  - name: Install Crowdsec
  - name: Install Wazuh
  - name: Install Zabbix Agent2
  - name: Copy Zabbix Agent2 config file  with owner and permissions
  - name: Restart Zabbix Agent2 and issue daemon-reload to pick up config changes
  - name: Install Tailscale
  - name: Allow access to port 10050 on Tailscale0 for Zabbix
  

  I feel the same way

  shell script

  0.Upgrade the OS
  1. Delete unused users
  2. Delete unused software
  3. Set the number of histories for bash variables
  4. Set time zone
  5. Install the Trash Recycle Bin feature, but alias it to bash rm
  6. Modify kernel parameters
  7. Set public key and sshd parameters

  My principle is that less is both more and safer, and there are still about 300 packages left
• Motion3549 Member

  December 2025

  @MannDude said:
  Normal hardening + xanmod kernel + sysctl.conf tweak

  Mind sharing your sysctl.conf tweak, thanks
• MannDude Patron Provider, Veteran

  December 2025

  @Motion3549 said:

  @MannDude said:
  Normal hardening + xanmod kernel + sysctl.conf tweak

  Mind sharing your sysctl.conf tweak, thanks

  Depends on what I'm using the server for and it's resources, to be honest. You can use https://incognet.io/sysctl-conf for some general configs settings. Theres always going to be values that "could" or "should" be higher or lower, included or removed depending on who you ask.
• kalenobb Member

  December 2025

  I'll use wnmp.org for one-click web environment deployment because it automatically sets up SSH key authentication—it's incredibly convenient.

  Thanked by 1op23
• Hajt Member

  December 2025

  Usually free -m or htop
• Tudcloud Member, Patron Provider

  December 2025

  First thing Add SSH keys and close password login.
• WebProject Veteran, 🚩 Host Rep Tag Suspended

  December 2025

  @default said:
  If you uninstall every package, including SSH, will that be proper idling?

  Unfortunately we had such customer 😂
• Neat321 Member

  December 2025

  YABS
• NetPIMP Member

  December 2025

  generally, I go to its control panel, power it off, and then forget about it until the first reminder for the next billing cycle - which reminds me it exists, prompting me to turn it back on, look at it for a few minutes, then power it off and repeat the process again.

  I have no idea why I don't have any money.
• concept Member

  December 2025

  Update and upgrade all packages
  Run YABS and NWS
  Add user, assign to sudo group, disable root
  Add it to my Tailscale network
  Enable Tailscale SSH
  Disable SSH.
• fijxu Member

  December 2025

  • Run YABS
  • Get IP addresses, gateways and ranges
  • Install latest Debian
  • Install my default NixOS configuration for new servers
  • Run anything

  That's it ;3