undefined | Better HN

0 pointst_mahmood2mo ago0 comments

About security, wall of shame story,

Once I had Postgresql db with default password on a new vps, and forgetting to disable password based login, on a server with no domain. And it got hacked in a day, and was being used as bot server. And that was 10 years ago.

Recently deployed server, and was getting ssh login attempts within an hour, and it didn't had a domain. Fortunately, I've learned my lesson, and turned of password based login as soon as the server was up and running.

And similar attempts bogged down my desktop to halt.

Having an machine open to the world is now very scary. Thanks God for service like tailscale exists.

0 comments

2 comments · 2 top-level

icedchai2mo ago

I've had SSH, SMTP, POP3, HTTP, HTTPS and many other services open to the world since the 90's. I have fail2ban running. It is not that scary.

2 more replies

dwedge2mo ago

Nothing would happen, ssh is designed to be open to the world. Using tailscale or a vpn to hide your IP is fine, but using tailscale ssh maybe not.

1 more reply

j / k navigate · click thread line to collapse