I found an 8-year-old project on GitHub that had similar ideas but is unmaintained and not quite what I needed.

In the back on my mind I was thinking ‘I could have sworn I had seen Dockwell somewhere before’.

It’s one night of work, so take that for what it is

The honesty is refreshing.

It’s interesting for sure. I was intrigued when I saw OG Dockwell, but like you, saw it was quite stale.

Certainly. I don’t discount that any exploit is ‘really bad’. I like my OS of choice to be as free of exploits as it can possibly be. However, some of the material I was reading involved areas of Linux that I have little if any knowledge of value with, so I thought I’d as the question.

RFC: As I understand it this exploit requires local access and cannot be deployed remotely. Is this a correct analysis?

a month.

I do it for a whole year. lol

If this is real, I honestly do empathize with your situation. Try some local community outreach programs like food banks, child services, etc. There is no reason to be embarrassed by being down on your luck. Anyone who has lived on this planet for any length of time has been there too. I am sorry that I cannot help with your situation further, and I certainly hope you get things back on track for you and your family. Best wishes.

ETA: I am not aware of any such forums here on Lemmy that could help.

What I personally do is run an overlay VPN like tailscale and allow SSH in only via that.

Same. I use Tailscale as an overlay on the pFsense box and the server itself.

Just 54? Those are rookie numbers bro. You need to open up a few more ports. LOL Honestly tho, seems pretty standard. You could change the SSH port which might lower some of the noise but bots now days are pretty sophisticated and it would be trivial to just scan your server and find out which port is SSH. If you want to stop tailing fail2ban nervously on the daily, you could use the hosts.allow/hosts.deny which would lock it down even further. Just remember to set host.allow first then host.deny. You could also deploy any number of secondary security packages like CrowdSec, Wazuh, et al.

I’ll throw in my vote for pFsense. Pretty comprehensive package.

Weird

Dumbass here…why would a VPN block incoming connections? Seems counter to what a VPN does.

Absolutely. It’s quite effective.

Went back to Unbound on my OPNsense router.

Yeah. I get more mileage with pFsense + unbound

I have used Pi-Hole but not Technitium. As I understand it, Technitium has some more options than that of Pi-Hole + Unbound that power users may appreciate.

Sure, I get that. It’s just two things I don’t selfhost.: Password Managers, and anything financial.

Basically, because I feel that Bitwarden built this massive network with layers of security that I just don’t possess, and their track record is very good in that regard. Yes, they have had some breaches, but none that I am aware of where its central user database or encrypted vaults were exposed. The latest was a supply chain incident in April 2026 which was part of a broader supply chain attack affecting Checkmarx, not a direct compromise of Bitwarden’s infrastructure.

Ooof! I think I have a pretty robust network security deployment. I’m just not convinced 100%, and therefor I am prohibited from deploying any self hosted password manager. Too risky. I know there are 1000s of people who, and kudos to you for being able to sleep at night. Your security must rival the SCIFs.

As much as you may dislike Google, I got to hand it to them, they have and always have a ton of skunk works projects.

Or even better buy a mini PC with many net ports and install opnSense, but in this case you will need a separate wifi router and/or dedicated switch since any opnSense device will only work at perimeter level

I went with this option except using pFsense in lieu of OpnSense. My own modem, router, and managed switches.

Let’s talk about AI usage like adults please

Unpossible. AI doesn’t bother me, it just bothers a shit ton of other people. It comes down to my own choice to use the software or not. I don’t need to disparage or denigrate a project that uses AI. I am a fully autonomous adult capable of making my own decisions. That said, it would be good for the devs of said projects just be upfront about it all. Trying to obscure that fact just makes things worse. Of course, it’s 2026 and it’s almost a forgone conclusion that devs have used AI in some form or fashion in their projects.

It reminds me of back in the day when everyone wanted to get on the ‘creating websites for a living’ bandwagon. There were people going around boasting about how elite they were because they raw dogged the code in notepad. I guess some have the need to feel superior.

Was it hard to set up? Any field expedient modifications, adjustments, or fiddling? I’ve got a ton of old HDD from desktops, laptops, old servers sitting in one of my closets. Hmmmmmm