Do you think that exposing directly to the internet many #selfhosted services used for storing personal data like files, notes, etc. might be dangerous? Or rather, what is the level of risk, because there always is. I do all the typical stuff to protect it, like having updated versions, using 2FA, proper https, passwords...

As a fun fact for those who have no experience with that, I can tell that, for example, an SSH server on the default port with a public IP is tried by bots on average 1 time every minute.

@Szwendacz I used to do that and stopped. You're obviously somewhat protected by "security by obscurity." It's way safer than using a public service like Google, Microsoft or Facebook, because you're not much of a target. When I wanted to lock it down, I set up Raspberry Pi PiVPN. My phone automatically VPNs into my house as soon as it leaves my home WiFi. My laptop and tablet have VPN profiles on them, so I can connect to home as needed to access that stuff.
@Szwendacz The risk of losing data with #selfhosted services is real, one should carefully consider it.
It's not zero when you store your data on servers of companies either.
Using non default ports, putting services which are not meant for the public onto a VPN like OpenVPN or Tailscale are worth considering.
@Szwendacz Also, considering complexity of code when selecting the service makes sense.
OpenSSH, which is packaged with the distro, is well used over the world and can easily be updated. A picture gallery with 100 node-js modules as dependencies, not so much.
@globalc
I typically take into consideration what the software is, and rather not open to world stuff that is not designed to do so or is rarely published. If there would be an exploit discovered by someone, he would rather focus first on big targets, not some random selfhosted.

@Szwendacz

I run my Nextcloud server in my LAN only. If I need to access it from outside, I use VPN. Would it be safe to run it exposed? I guess so. I'm an experienced IT guy, Nextcloud and my OpenBSD host are most likely secure and well configured. Only http/s accessible from outside.
Would it be more convenient? Hell yeah.

But I'm paranoid. Paranoia keeps your files safe ^^

Never trust anything. Especially when it comes to online services.