[fragmede]

Somewhat. If you open port 22 up on an ip, you're going to get hit by bots scanning the Internet, trying to find an open server to ssh into. If you open port 80 or 443, you're going to get bots looking for /wp-admin.php just as soon as the domain name for it hits certificate transparency logs. The Internet's not a friendly place to be. It once was, but the default now is that someone is going to try and abuse anything you put up. Makes it hard to want to set up a new platform outside of the big centralized ones.

[alibarber]

In ham radio - we have a 'Q code' (abbreviation) for man-made noise: QRM (QRN is naturally occurring: thunderstorms and such). This is used mainly to refer to electrically noisy transformers, vehicles, misconfigured transmitters etc. Always been there, gets worse and/or better over time - but gotta figure out how to deal with it as part of the hobby.

When doing stuff on the internet, I've just decided to stop worrying and treat these scans like that above mentioned QRM. You can filter it a bit if you like [1], but really, a sensibly configured and maintained SSH server is as secure as it gets as far as I can see.

[1] https://alastairbarber.com/Building-Anycast-Network/#securit...

[graemep]

> If you open port 22 up on an ip, you're going to get hit by bots scanning the Internet, trying to find an open server to ssh into

This has been the case for years. I can remember this from logs for port 22, more than 20 yeas ago, I saw this.

[CM30]

Eh, as someone who runs a bunch of smaller sites and forums, I've not had any issues with scammers or hackers gaining access to them. Most of them are looking for obvious vulnerabilities via some sort of script, and usually assume the file names and database structure are the same for every site they target.

It's plenty possible to run an independent site with no issues if you keep things up to date and change a few things to thwart the most common attack attempts.

[tardedmeme]

Those scanners are low effort. Don't run vulnerable software and you're fine (this mostly means not running any website you didn't write, but wasn't that the point anyway?) Run it in a container and you're double-fine.

If you don't have a wp-admin.php who cares if someone is trying to access it? If you have one but it correctly validates your admin credentials, again who cares?

You can turn it into a fun project of making a honeypot.