How do you deal with malicious requests to your servers?
I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?
Edit: Thanks for the tips everyone!
You are viewing a single comment
I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?
Edit: Thanks for the tips everyone!
I only expose services on IPv6, for now that seems to work pretty well - very few scanners (I encounter only 1 or 2 per week, and they seem to connect to port 80/443 only).
Must be nice living in a post 1995 country... theres only 1 or 2 ISPs in Australia that support ipv6...
Lol, I have heard some ISP horror stories from the Down Under.
I am fortunate enough that my country's government has been forcing ISPs to implement IPv6 in their backbone infrastructure, so nowadays all I have to really do is to flick a switch on the router (unfortunately many routers still turn off IPv6 by default) to get an IPv6 connection.
Yeah the internet services here are really stuck in the past. Hard to tell if theyre taking advantage of the scarcity of ipv4 addresses to make more money somehow, or of theyre just too fuckn lazy
Iโm guessing theyโre on CG-NAT and someone upstairs thinks staying ipv4 reduces customer support costs.
Being put on CGNAT without IPv6 is terrifying.
Aussie supports full IPv6 and provide a /48
Isn't that akin to security through obscurity... you might want one more layer of defense
I still have firewall (that blocks almost all incoming connections) and sshguard setup. I also check the firewall logs daily, blocking IPs that I find to be suspicious.
I could probably do better, but with so few scanners connecting to my home server, I have managed to sleep way better than back when I setup a server on IPv4!
Also, even if my home server gets attacked, at least I know that my other devices aren't sharing the same IP with them... NAT-less is a godsend.