| I switched from DigitalOcean to Hetzner for my cloud servers. They have a nice web firewall that you could use. I use it to prevent access on some ports, for example on Port 22... But wait, how can you connect to Port 22 then? I use Tailscale as a VPN for this. I installed Tailscale on my local computer and my servers, so I can use the VPN to connect to this port. The fewer open ports, the better. What else...
Use fail2ban or CrowdSec for banning IPs that probe your server.
Don't use passwords for authentication.
Don't use root, use another user.
... stuff you maybe already heard of or know.
Here is a link to get started: https://blog.codelitt.com/my-first-10-minutes-on-a-server-pr... If you knew this already, sorry, I wasn't sure where to start. Maybe use a hoster that provides 'Snapshots'. So you can safely play around and if something happens, just revert to your last snapshot, so you don't lose your previous work. If you spin up a server, maybe use cloud config. You can use it to 'bootstrap' your server and let it install your main tools while it gets provisioned. It looks something like this (HackerNews removes my line breaks...):
####
#cloud-config
# for installing fail2ban
package_upgrade: true
packages:
  - fail2ban
runcmd:
  - [ systemctl, enable, fail2ban ]
  - [ systemctl, start, fail2ban ]
####
If you start and mess up something, it's handy if you have a cloud init to start a new server and don't have to install the basic stuff again ;-) |
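
An added example, not part of the original comment: a cloud-config that goes beyond the fail2ban snippet above and also applies the comment's other points (a non-root user, key-only SSH) at provisioning time. It assumes a Debian/Ubuntu image with the `sudo` group, an `ssh` service unit and an `sshd_config.d` include directory; the user name `deploy` and the public key are placeholders.

```yaml
#cloud-config
# Added example. Assumptions: Debian/Ubuntu image, hypothetical user "deploy",
# placeholder public key that must be replaced before use.
package_update: true
package_upgrade: true
packages:
  - fail2ban

# Defining "users" without "- default" means only this account is created.
users:
  - name: deploy
    groups: sudo
    shell: /bin/bash
    lock_passwd: true                 # no password login for this account
    sudo: "ALL=(ALL) NOPASSWD:ALL"    # the account has no password to prompt for
    ssh_authorized_keys:
      - ssh-ed25519 REPLACE_WITH_YOUR_PUBLIC_KEY deploy@example

ssh_pwauth: false    # cloud-init turns off SSH password authentication
disable_root: true   # cloud-init blocks the root key login it would otherwise set up

write_files:
  # sshd uses the first value it reads for each keyword, so the "00-" prefix
  # makes this drop-in win over later files in the same directory.
  - path: /etc/ssh/sshd_config.d/00-hardening.conf
    permissions: "0644"
    content: |
      PasswordAuthentication no
      PermitRootLogin no

runcmd:
  # Restart sshd only if the resulting configuration parses cleanly.
  - [ sh, -c, "sshd -t && systemctl restart ssh" ]
  - [ systemctl, enable, --now, fail2ban ]
```

Once the server is up, `cloud-init status --long` reports whether provisioning finished cleanly, and `sshd -T | grep -Ei 'passwordauthentication|permitrootlogin'` (as root) prints the values sshd actually uses.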