I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?

Edit: Thanks for the tips everyone!

  • @orangeboats
    link
    English
    16
    edit-2
    1 year ago

    I only expose services on IPv6, for now that seems to work pretty well - very few scanners (I encounter only 1 or 2 per week, and they seem to connect to port 80/443 only).

    • 🅱🅴🅿🅿🅸
      link
      fedilink
      English
      51 year ago

      Must be nice living in a post 1995 country… theres only 1 or 2 ISPs in Australia that support ipv6…

      • @orangeboats
        link
        English
        31 year ago

        Lol, I have heard some ISP horror stories from the Down Under.

        I am fortunate enough that my country’s government has been forcing ISPs to implement IPv6 in their backbone infrastructure, so nowadays all I have to really do is to flick a switch on the router (unfortunately many routers still turn off IPv6 by default) to get an IPv6 connection.

        • 🅱🅴🅿🅿🅸
          link
          fedilink
          English
          21 year ago

          Yeah the internet services here are really stuck in the past. Hard to tell if theyre taking advantage of the scarcity of ipv4 addresses to make more money somehow, or of theyre just too fuckn lazy

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      Isn’t that akin to security through obscurity… you might want one more layer of defense

      • @orangeboats
        link
        English
        2
        edit-2
        1 year ago

        I still have firewall (that blocks almost all incoming connections) and sshguard setup. I also check the firewall logs daily, blocking IPs that I find to be suspicious.

        I could probably do better, but with so few scanners connecting to my home server, I have managed to sleep way better than back when I setup a server on IPv4!

        Also, even if my home server gets attacked, at least I know that my other devices aren’t sharing the same IP with them… NAT-less is a godsend.