| ▲ | bayindirh 19 hours ago |
| However, it'll also bring all the bots and "wild west" of the internet to your house when you run your web server from home, and for anyone who has a couple of spare dollars, it's a much wiser choice to run a small VPS elsewhere to weather the storm. |
|
| ▲ | bblb 15 hours ago | parent | next [-] |
| [Internet facing router with up to date firmware] --> HTTPS --> [separate VLAN DMZ] --> [my hardcore IndieWeb VM/k8s/bare-metal whatever] --> [x No outbound access / paranoid local firewall inside the VM x] [My home computer] --> SSH --> [my hardcore IndieWeb local cloud] That's about it. Safe enough. |
|
| ▲ | neogodless 19 hours ago | parent | prev [-] |
| shrug In 25 years of hosting a dozen domain names on a server on my home connection, this problem has not surfaced for me. |
| |
| ▲ | bayindirh 19 hours ago | parent | next [-] | | In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces. For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day. If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!). | |
| ▲ | wolvoleo 18 hours ago | parent | prev | next [-] | | One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something. Especially if you host something like wordpress with plugins you really have to be on the ball with updates. | | |
| ▲ | superkuh 15 hours ago | parent [-] | | For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there. That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories. | | |
| ▲ | wolvoleo 15 hours ago | parent [-] | | Ok fair enough yes a static site is really low risk. Usually it's more involved than that though. |
|
| |
| ▲ | zikduruqe 17 hours ago | parent | prev [-] | | Yep, same here. fail2ban and some http 444 helps out. |
|