As the title says, I’m curious about the worst-case scenario in which an attacker tries to hit my system.

The system configuration is the following: I have some services (important ones) accessible only through VPN, like SSH (key-based auth only), Pihole… Others are publicly accessible, like Immich, Jellyfin (and so on…). Public ones are accessible via reverse proxy (Caddy) and protected by CrowdSec (which bans IPs outside my country and those failing auth 3 times).

What could happen if an attacker finds a vulnerability in some public service? Would he only be able to access the service’s files (like an appropriate login), or delete/encrypt data (as in some cases of blackmail), or even pull out and steal my data?
I’m wondering this because I want to know if CrowdSec+Docker (to preserve permissions on the system) is enough to secure a server.
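As an added illustration (not the poster's setup and not CrowdSec's own code), the snippet below reproduces the two ban rules the post describes, run over a few constructed Caddy JSON access-log lines: a client outside the home country is banned on first sight, and a client that returns three HTTP 401 responses is banned for failed authentication. The `GEO_TABLE`, `lookup_country` and `evaluate_log` names are assumptions made for this example; the log lines keep only the Caddy fields the code reads and use documentation IP ranges, not real traffic.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of Caddy's JSON access log, reduced to the
# fields used below. Documentation IPs only; one deliberately malformed line
# shows how unparseable input is handled rather than silently ignored.
SAMPLE_LOG = """\
{"ts":1700000001.0,"request":{"remote_ip":"203.0.113.7","method":"POST","uri":"/api/auth/login"},"status":401}
{"ts":1700000002.0,"request":{"remote_ip":"192.0.2.5","method":"POST","uri":"/api/auth/login"},"status":401}
{"ts":1700000003.0,"request":{"remote_ip":"198.51.100.9","method":"GET","uri":"/"},"status":200}
{"ts":1700000004.0,"request":{"remote_ip":"203.0.113.7","method":"POST","uri":"/api/auth/login"},"status":401}
not json at all
{"ts":1700000005.0,"request":{"remote_ip":"192.0.2.5","method":"POST","uri":"/api/auth/login"},"status":200}
{"ts":1700000006.0,"request":{"remote_ip":"203.0.113.7","method":"POST","uri":"/api/auth/login"},"status":401}
{"ts":1700000007.0,"request":{"remote_ip":"203.0.113.7","method":"GET","uri":"/api/albums"},"status":200}
"""

# Hypothetical stand-in for a GeoIP database (IP -> country code).
GEO_TABLE = {
    "203.0.113.7": "HOME",
    "192.0.2.5": "HOME",
    "198.51.100.9": "ELSEWHERE",
}


def lookup_country(ip):
    """Assumed GeoIP lookup; unknown addresses deliberately fail closed."""
    return GEO_TABLE.get(ip, "UNKNOWN")


def evaluate_log(log_text, home_country, max_failures=3, lookup=lookup_country):
    """Apply the two rules from the post to a block of log lines.

    Returns (banned, skipped): banned maps IP -> reason ("geo" or
    "auth-failures"); skipped lists raw lines that could not be parsed.
    """
    failures = defaultdict(int)
    banned = {}
    skipped = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
            ip = entry["request"]["remote_ip"]
            status = int(entry["status"])
        except (ValueError, KeyError, TypeError):
            skipped.append(raw)
            continue
        if ip in banned:
            continue  # decision already made; later lines change nothing
        if lookup(ip) != home_country:
            banned[ip] = "geo"  # outside the home country: banned immediately
            continue
        if status == 401:
            failures[ip] += 1
            if failures[ip] >= max_failures:
                banned[ip] = "auth-failures"
    return banned, skipped


if __name__ == "__main__":
    banned, skipped = evaluate_log(SAMPLE_LOG, "HOME")
    for ip, reason in banned.items():
        print(f"ban {ip}: {reason}")
    print(f"{len(skipped)} unparseable line(s)")
```

Two simplifications are worth noting when comparing this with a real CrowdSec scenario: every 401 counts regardless of endpoint, and the failure counter has no time window, so a client that fails twice and then logs in successfully (192.0.2.5 above) keeps its two strikes indefinitely. Real scenarios scope the match to the application's login path and let failures expire.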

1 point

You lost your data and the confidence in your own ability to take care of „it“. Life will go on - or not. It all depends on the data and context.

1 point

Worst case is that you lose everything. The only way to protect against that is an out-of-band pull type of backup. One that your servers can not get to or see, but that can see your servers. Best at another location as well to protect against fire.

1 point

Depends on the vulnerability

1 point

What is your worst case, if someone gains access to your stuff? We can’t answer that. That doesn’t necessarily depend on your applications, but more on the data behind them.

Can be everything. From nothing to financial ruin through identity theft.

1 point

You are doing it wrong: SSH with key authentication is the most secure piece, and could even be public. Immich and Jellyfin surely have zero-days and should be behind VPN.

1 point

Could you elaborate more on Immich and Jellyfin? I suppose you’re referring to a brute-force attack. Isn’t a GeoIP block + a ban after 3 failed attempts secure enough?

1 point

I’m referring to ZERO-DAYs. OpenSSH is a serious security product. Those web apps are written by random people and are probably riddled with vulnerabilities not known to the public.

Here is the rule: only a trusted VPN and SSH key authentication can be public.

1 point

Sorry for the misunderstanding. Perfectly right. Thanks for that.


Self-Hosted Main

!main@selfhosted.forum
