I find the idea of self-hosting to be really appealing, but at the same time I find it to be incredibly scary. This is not because I lack the technical expertise, but because I have gotten the impression that everyone on the Internet would immediately try to hack into it to make it join their bot net. As a result, I would have to be constantly vigilant against this, yet one of the numerous assailants would only have to succeed once. Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.

How do the self-hosters on Lemmy avoid becoming one with the botnet?

  • Atemu@lemmy.mlEnglish
    62·
    9 hours ago

    Yikes, lot’s of bad advice in this thread.

    My advice: Go develop an actual threat model and find and implement mitigations to the threats you’ve identified.

    If you can’t do that, that’s totally okay; it’s a skill that takes a lot of time and effort to learn and is well-compensated in the industry.

    You will need to pay for it. Either through an individual assessment by someone who knows what they’re doing, managed hosting services where the hoster is contractually liable and has implemented such measures, by risking becoming part of a botnet or by not hosting in a world-public manner.

    My recommendations:

    • Pay for proper managed hosting for every part of your system that you are not capable of securing yourself. This is a general rule that even experienced people follow by i.e. renting a VPS rather than exposing their own physical HW. There are multiple grades to this such as SaaS, PaaS and IaaS.
    • Research, evalue and implement low-hanging fruit measures that massively reduce the attack surface. One such measure would be to not host in a manner that is accessible to the entire world and instead pay for managed authenticated access that is limited to select people (i.e. VPN such as Tailscale)
    • git gud