Vista Normal

Hay nuevos artículos disponibles. Pincha para refrescar la página.
AnteayerA step up from a home lab

Server security

✇A step up from a home lab
Por: /u/SpoofedXEX
10 Mayo 2024 at 03:14

EDIT: I ditched Traefik, and Authentik. I am now using CloudFlare zero trust tunnels, closed all ports on my router and the attacks have completely stopped.

I recently posted about my server getting hundreds of requests and attacks, I followed through on some recommendations.

I ditched TrueNAS and went back to my Unraid Pro installation.

I’ve added JavaScript challenges through CloudFlare which has helped drop my traffic down to 200 from 20k per 24 hours. I set up Authelia, as well as CA Certs instead of Self Signed. HSTS. and a few other firewall rules for Trusted IPs.

I’m in the process of learning how to use crowdsec as another layer of protection. I’m looking for more recommendations. I don’t really like the feel of Authelia as the UI is rather huge lol for a login form.

The amount of attacks my router has detected since these changes have been 2 in the past day or two that is blocked.

submitted by /u/SpoofedXEX
[link] [comments]

Attacks on server seems excessive?

✇A step up from a home lab
Por: /u/SpoofedXEX
7 Mayo 2024 at 09:34

Follow up; After doing more digging. It looks like something or someone was able to actually inject a shell script into my traefik “app”. I resolved it, I will be switching to a different ingress system. I have been looking into using portainer to spin up docker images.

So, I self host using TrueNAS Scale and I have 12 "apps" that run constantly.

bookstack
hastebin
maintainerr
ollama
overseerr
plex
radarr
sabnzbd
sonarr
tautulli
tdarr
traefik

I've never noticed anything out of the ordinary other than cloudflare showing I have on average 19k requests per 24 hours for services I pretty much use. I know bots will account for a lot of these once a domain is cached on Google and gets picked up on scanning etc.

I checked my router, it shows that every day, every hour for the last 3 months there has been a "web shell script" attack blocked. I checked my servers logs and still see nothing out of the ordinary, I feel like it is a bit excessive to be this much.

Of the 12 apps, 8 are forward facing to the internet and passed through cloudflare on specific use domains. Served with Full end-to-end SSL certs.

Just paranoid.

Edited; Accidentally put month in place of 24 hour measurement.

submitted by /u/SpoofedXEX
[link] [comments]
❌
❌