@ -19,13 +19,13 @@ The reason that this reads a bit like an obituary is because these services are
## Running servers is easy
What I liked about running these services is that it proved, time and time again, that running something on the web is not as hard as it is sometimes made to look. Dokku is not minimal software, but it did many useful things, and it cost me almost zero maintenance. Again: if you're looking to have a reproducible git-push-to-deploy, Heroku-like workflow, consider Dokku more than anything else. It's a joy to use and it is simple enough to understand how it plumbs together the tools underneath.
What I liked about running these services is that it proved, time and time again, that running something on the web is not as hard as it is sometimes made to look. Dokku is not a trivial piece of software, but it did many useful things, and it cost me almost zero maintenance. Again: if you're looking to have a reproducible git-push-to-deploy, Heroku-like workflow, consider Dokku more than anything else. It's a joy to use and it is simple enough to understand how it plumbs together the tools underneath.
I am not an expert in server security, I mostly know the basics: Don't use standard ports, do at least some basic monitoring, use strong keys / passwords, don't run unnecessary software, keep the software you run up-to-date, etc. Over the last four years or so, the longer the server ran, the more I was surprised how not-so-hard-at-all it was.
I am not an expert in server security, I mostly know the basics: Don't use standard ports, do at least some basic monitoring, use strong keys / passwords, don't run unnecessary software, keep the software you run up-to-date, etc. Keep the attack surface as small as possible. Over the last four years or so, the longer the server ran, the more I was surprised how not-so-hard-at-all it was.
## Stopping servers is easy, too
[fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page) is another really useful tool: It continuously scans your logs to see suspicious patterns like repeatedly failed login attempts. When it detects such patterns it updates your firewall to ban the IPs these attempts are coming from. When I first looked at fail2ban's activity, I was really not expceting to see that my VPS attracted enough automated login attempts to have a couple of hundred, sometimes a thousand bans triggered **per day**. None of the services running on it were well known, so it really surprised me and created a sense of a vague threat in the background.
[fail2ban](https://www.fail2ban.org/wiki/index.php/Main_Page) is another really useful tool: It continuously scans your logs to see suspicious patterns like repeatedly failed login attempts. When it detects such patterns it updates your firewall to ban the IPs these attempts are coming from. When I first looked at fail2ban's activity, I was really not expecting to see that my VPS attracted enough automated login attempts to have a couple of hundred, sometimes a thousand bans triggered **per day**. None of the services running on it were well known, so it really surprised me and created a sense of a vague threat in the background.
Last weekend this feeling of threat suddenly became very real.
