Replying to Avatar sommerfeld

I recently listened to a Darknet Diaries episode about the LinkedIn hack.

A russian hacker exploited a vulnerability in a public webserver for a personal website that a LinkedIn engineer self-hosted from his home. From there, the hacker was able to hop from the server, through his local network, to his work laptop. From the work laptop, he used the engineer's VPN credentials to get inside LinkedIn's internal systems and dump the databases.

That scared be into moving all my public webservers I self-host at home to a VPS.

I'm in the migration process right now, that's why my NIP-05 and lnurl are not working at the moment.
Avatar
Enki 2y ago

I am very selective about what I run from home. I have a large monthly VPS bill but if it helps midagate some of that risk im ok with it.

Reply to this note

Please Login to reply.

Discussion

Avatar
sommerfeld 2y ago

I have to admit before I was like: "not your metal, not your server".

I chose sovereignty over security, without any nuance.

From now on, everything public goes to the VPS (with regular backups in case it gets taken down), everything private stays at home.

The only port I want open in my house is a single UDP port for wireguard. Good luck trying to break through that!

Avatar
Michael Anton Fischer 2y ago

Life hack:

Hybrid node on VPS private channel to Tor home node.

Privacy and comfort.

Avatar
sommerfeld 2y ago

If by node you mean bitcoin, then absolutely no. Not your metal no your node.

Avatar
Lethal Lee 2y ago

Agree 100% with this stance.

nostr:note1n24kce5twttrnu9wyealxkkn2l74hgjeut7kmpe8sq5slm5jk60sx63n3z

Avatar
Enki 2y ago

yeah thats basicly how I think about it now a days. public shit is public with lots of backups and private is behind wireguard (also with lots of backups lol)

Avatar
NunyaBiznus 2y ago

Thoughts on things like Cloudflare Tunnels to proxy public facing services in lieu of opening ports on your network?

Avatar
sommerfeld 2y ago

I self-hosted behind a Cloudflare proxy as well. The fact is, it's impossible to fully secure a public webserver. Any motivated and resourceful attacker can find their way in.

The web (just http, not the Internet) is inherently insecure.

Avatar
NunyaBiznus 2y ago

Yeah, very true. This is why we can’t have nice things 😅