by ge96
3236 days ago
Oh man I feel so dumb, you know despite what I can do. I guess that's the problem of trying to do everything you can only get so deep. Use certificates? What is that not keypairs? I logged into this Digital Ocean droplet and was surprised to see 15,000+ failed login attempts to SSH. I hadn't seen that before. I don't know if using PHPMyAdmin is noobish. I still primarily use MySQL/Maria (only). Thanks for the tips. I learn a lot through HN.

Easy (read easier) to do with nginx: https://www.google.de/search?q=nginx+client+side+certificate...
It requires quite a few steps, but is as secure as it gets as far as web access is concerned.
You should not be surprised to see 15k+ failed login attempts on ssh with popular ISPs. As I said, a system is the most vulnerable when it has just been installed and a/the default root password has not yet been changed. Simply disallow password login on ssh, change the port and only allow non-root users you need to allow. I have on my systems only 1 user allowed to login, authenticated by a 4096b key. There is no way an attacker can use ssh if not using an ssh exploit. The system is updated automatically every hour. This way known exploits are very quickly taken care of.
For me, server security has been a practice over many years and it takes many years to perfect your 'secure server setup'. It's depressing how many companies do not adhere to good security practices and just leave their systems unprotected. Especially mail servers.
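
An added example, not part of either comment: a small audit of `sshd_config` text against the SSH advice in the reply above (no password login, non-default port, no root, an explicit allow-list). The function names, finding labels and both sample configs are constructed for illustration; the parsing follows sshd_config(5), where the first value of a keyword wins and `Port`/`AllowUsers` accumulate.

```python
# Keywords that sshd accumulates across repeated lines instead of "first wins".
MULTI = {"port", "allowusers"}
# OpenSSH defaults used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "permitrootlogin": "prohibit-password",  # default since OpenSSH 7.0
            "port": ["22"], "allowusers": []}

def effective_settings(text):
    """Global settings as sshd would read them (lines after 'Match' are conditional)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if key == "match":
            break                                 # stop at the first conditional block
        if not args:
            continue
        if key in MULTI:
            seen.setdefault(key, []).extend(args)
        elif key not in seen:                     # first obtained value is the one used
            seen[key] = args[0]
    return {**DEFAULTS, **seen}

def audit(text):
    """Return finding labels; keyboard-interactive/PAM settings are not checked here."""
    s = effective_settings(text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("password-login-enabled")
    if s["permitrootlogin"] != "no":
        findings.append("root-login-not-disabled")
    if not s["allowusers"]:
        findings.append("no-allowusers-restriction")
    if "22" in s["port"]:
        findings.append("default-port")
    return findings

# Constructed sample: the later "no" is ignored because the first value wins.
WEAK = """# constructed sample
PasswordAuthentication yes
PasswordAuthentication no
"""
# Constructed sample matching the reply: one non-root user, keys only, moved port.
HARDENED = """Port 2222
PasswordAuthentication no
PermitRootLogin no
AllowUsers deploy
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the text it is given.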