Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • troed@fedia.io
    1·
    7 hours ago

    Yeah I don’t do security via obscurity :D I agree you need to keep your Internet facing services up to date.

    (No need to educate me on Wireguard, I use it. My day job is slightly relevant to the discussion)

    • DefederateLemmyMl@feddit.nl
      1·
      7 hours ago

      Yeah I don’t do security via obscurity

      Another one who misunderstands that phrase… Yes, obscurity shouldn’t be your only line of defense, but limiting discoverability of your systems should be an integral part of your security strategy.

      • troed@fedia.io
        1·
        7 hours ago

        There’s no difference to the work I need to do to secure an open SSHd vs an open WireGuard server. None.

        Yes I harden, and penetrate, systems for a living. If your systems need remote access there is no standard (neither in fintech or military) that classifies SSHd as being “worse” than a VPN.