DDoS Mitigation: Teaching Your Server to Say No Politely (Then Impolitely)
DDoS mitigation for self-hosters: Nginx rate limiting, Fail2ban, Cloudflare free tier, CrowdSec, and iptables tricks that actually work.
Tag: security
All the articles with the tag "security".
SSH Hardening: Lock Down Remote Access Without Locking Yourself Out
Harden SSH properly: disable password auth, switch to Ed25519 keys, configure sshd_config, set up SSH certificates with step-ca, add 2FA, and configure ProxyJump for bastion hosts.
Vaultwarden vs Bitwarden: Own Your Passwords Before Someone Else Does
Why trust a cloud with your passwords? Compare Vaultwarden and Bitwarden self-hosted — lightweight vs full-stack, Docker setup, backups, and which one to actually run.
Proxy Chains and Anonymization: What Actually Works and What's Just Theater
Proxy chains, Tor, proxychains-ng, and VPN+Tor combos: an honest breakdown of what actually protects your privacy and what's security theater.
Linux Audit Log: What's Really Happening on Your Server
auditd logs every system call, file access, and command. Learn ausearch, aureport, and writing audit rules.
The sudoers Mistake Everyone Makes Once
Never edit /etc/sudoers directly. One syntax error locks everyone out. Use visudo, understand NOPASSWD risks.
Why Your TLS Certificate Isn't Trusted
Incomplete cert chains, wrong order, self-signed certs. How to diagnose trust failures with openssl s_client.
Certificate Expiry: Monitor Before the 3 AM Call
Certs expire silently. Check expiry with openssl, automate renewal checks with cron, get alerts before disaster.
The Firewall Rule Order That's Breaking Your Setup
Firewall rules are evaluated top-down, first match wins. One misplaced ALLOW rule silently defeats all security.
Sticky Bit, Setuid, Setgid: Linux Special Permissions Explained
Understand sticky bit, setuid, and setgid: what they do, how to set them, security implications, and real-world use cases.
Is fail2ban Actually Working? Here's How to Check
Verify fail2ban is protecting you: check jails, test bans, monitor logs, common misconfiguration, and unban IPs when needed.
SSHFS: Ditch SCP & Access Remote Files
SSHFS mounts remote filesystems over SSH so you can browse and edit files locally — faster than scp for interactive work.