I have often wondered since our friendly and helpful bot arrived, what would happen if we made a thread where everyone used as many acronyms as possible in our comments. It’s actually one of the more cooler bots I’ve seen in a while. Especially for new arrivals who don’t spreken ze Lingley. Crackin’ iidea.

I run the Suricata package in pFsense which I would say is kissing cousins to Snort. It actually does work very well. In fact, on occasion, too well. I’d rather that that just having my jimmy hanging out in traffic. I also employ the pfblockerng’s massive feed lists, and Tailscale packages on the standalone pFsense firewall, and a VPN on all devices. Network so tight they call it virgin. LOL Not really, but I tend to go a bit overboard on security measures.

I can’t believe oicu812.xyz is available.

Open port 22

Wait 10 minutes

Prepare your anus

I am guess the folks giving me grief about asking for a petition tool

I am very politically active. I do calling campaigns, protest, vote, march, et al. I don’t think the majority of people here are giving you grief about advocacy. Scanning back through the thread, I get the impression that what people are trying to get you to understand is that personally identifiable information is not something you take lightly.

I received a letter the other week telling me that a medical firm that houses my data, was breached. The hackers potentially got SSN, names, addresses, and a fist full of other data. They are offering me free life time credit scanning security services in a bid not to be sued in court by hundreds of thousands of people en masse. This is a multi billion dollar corporation, not some selfhosted mini server running fail2ban. So there are serious ramifications when it comes to personal data being leaked, and if it happens on your server, you are liable.

I left tit in the box

In another life I worked as a Mech Eng for a Contractor firm. The rule was ‘If you didn’t write it down, it didn’t happen’. Over the years, that has bled into my personal life as well. I hear what you’re saying, and from what I’ve digested regarding Ansible, it is a quite powerful and capable package. However, let’s let OP stand up his first server. He’s already stressed about not being a botnet victim. So, perhaps some rudimentary steps are in order. Then you can blow his mind with Ansible. LOL

I pay 0.04 USD per day with NamesCheap privacy included.

Piefed requires your email to sign up.

But aliases exist.

I don’t want the free petition websites online getting my personal network’s info and sharing or selling it

Ok, but by the same token I would not sign a serious, selfhosted, petition entering pii. I don’t know what you’re doing with my information. You could be sharing it or selling it even.

I promise I’m not shitting on your project. It just makes me very uncomfortable. Data protection regulations aren’t something to dismiss offhand.

pFsense + IDS/IPS segmenting network and a robust set of rules would pretty much get you there.

The only dockerized one that I know of is Petition-Engine, however, after 11 years, I’d say it’s time to poke it with a fork. I’ll tell you quite honestly, I would use any number of petition services on the internet and place a link on your site vs running it yourself for reasons @CameronDev@programming.dev @programming.dev mentioned. You could use a link, or some type of iframe.

Yes…yet another comment. LOL Something you should do from the very start is take notes of everything you do on the server. I use Notepad++ for the rough draft while I’m setting something up. Copy/paste, write out commands, notations, what this or that does. Take prolific notes. I really can’t stress that enough. That way, if you need to back out of something, or if the wheels fall off, you can go right back to your notes. Don’t be lulled into the idea that you will be able to remember every last keystroke you’ve made. That rarely happens. Take notes.

When I have successfully deployed whatever I’m working on, then I go back, take my notes, clean them up, and place them in Obsidian and make backups of them.

If I really need to master all of the steps that you’ve described before deploying my host on the Internet, then my conclusion is that it is more trouble than it is worth, because my concern is that if I screw up then I will make the Internet a worse place by contributing to botnets.

Nah dude. You’re not going to make the internet worse because a bot opened a door you thought was locked and let himself in. That’s rubbish. Do some reading, study up, deploy the server. Monitor before you start putting any PII on the server. Deploy a couple fun Docker containers. Monitor. Build your confidence.

Don’t let fear get the best of you. I have a load of fun with my set up as, like you, I love to tinker. Nothing I have done can’t be replicated through studying, asking questions, deploying in gradual steps. I have no certifications or any of that pro stuff some of these guys have. Just a regular schmoe. It really isn’t that much hassle once you get everything set up and you have confidence in your server’s defenses.

DO IT!!!

Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.

Hobbyist/Enthusiast here. Most of the bots are autonomous. They are deployed and constantly sniff for any little cracks and crevasses in the armor. Don’t be fooled tho, they are quite sophisticated. I see some have mentioned fail2ban, and Crowdsec. Both are very capable. UFW (uncomplicated firewall) is also very good. When I set up UFW and my external, standalone pfsense firewall, the way I go about it is to block everything, then step by step, open only the ports that absolutely have to be opened.

Tailscale is also a great overlay vpn along with netbird. Tailscale can also be used as an emergency entry to your server should you lock yourself out, so it has multiple uses. Additionally, since you say you have technical knowledge, Cloudflare Tunnel/Zero Trust pretty much wraps everything up. I know there are a lot of selfhosters dead set against Cloudflare, so that’s a decision you have to make. Cloudflare does not require you to open ports or fiddle with NAT. You set it up on your server, Cloudflare takes care of the rest. If you wanted additional protection, you could install Tailscale as an overlay on the server. The caveat to using Cloudflare Tunnel/Zero Trust is that you have to have a domain name that allows you to enter and use Cloudflare’s name servers for obvious reasons. You can get a domain anywhere although Cloudflare will sell you one if you wish to go that route.

Since I am the only user of my server, I’ve taken the additional step of implementing the hosts.allow/hosts.deny TCP Wrapper ACL files (although you can have multiple users with hosts.allow/hosts.deny). If you go this route, make sure you do the hosts.allow, so that when you edit the hosts.deny you’ll enter ALL : ALL for a default‑deny stance. For my purposes, multiple users cause multiple issues, so I don’t share. :p

Probably should go without saying you should use ssh keys when administrating the server via ssh.

ETA: Hope everyone is safe in the US with this frigid weather.

ETA2: If you decide to go with Cloudflare Tunnel/Zero Trust, I have some notes that seems to have helped several people and I would be happy to share them.

Shazam! I didn’t know it did face recognition.

Agreed. This is legit so cool, but I just don’t have a use for it myself.

In between preparing for the snowpocalypse, I’ve been scratching my head, because this seems huge. Two very capable dev teams/softwares combined their wonder twin powers, and it looks so awesome.

Still don’t have a use case, but damn that looks sweet for someone who does.

One of the features of Self-Host Weekly is the Command Line Corner. I always scroll right to that first thing

There are Safe Harbor laws, however, these vary by jurisdiction, country, etc. It would be a litigation I wouldn’t want to get involved in. I’m not crapping on your deployment idea. I’m just very cautious…perhaps overly cautious.

Plus, the cryptomater ‘containers’ are portable.