Hardware: VPS bought online YunoHost version: 11.0.9.15 I have access to my server : Through SSH Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Hi guys,
hope you had a nice weekend. The question in the title popped up in my head a while ago but I never got the chance to research it deeper. Any idea if that is true? The dashboard is really easily to check for by a bot and perform attacks if the yunohost-api is enabled. That’s why I keep it disabled when I don’t use it (which is most of the time).
In addition to Fail2Ban I’ve also found the OpenSource CrowdSec (free, full featured community version) to be very useful.
CrowdSec doesn’t have anything specific to Yunohost, but does offer very good protection overall.
Additionally it shares attacks with all instances of CrowdSec. Currently there are over 16,000 IPs on the community blacklist. It’s updated continuously 24/7.
Plus it’s quick and simple to install. Since there is YunoHost doesn’t know about it, install and updates need to be done at the command line.
I’ve no connection with CrowdSec other than I’ve been using it since it was in Alpha.
Well worth a look if you are comfortable with the CLI of your server.