this post was submitted on 14 Apr 2026
41 points (95.6% liked)

Selfhosted

60093 readers
933 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 7 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
41
Security Scanning (lemmy.ml)
submitted 2 months ago by Zenlix@lemmy.ml to c/selfhosted@lemmy.world
15 comments fedilink hide all child comments
 

Hey guys. I have a few selfhosted systems that are available to the public. Its getting difficult to notice if any wrong port is still open or some web server is out of date. I am looking for a (foss) tool that can reguarly monitor my systems (via their public ip/domain) and notify me if any port that I not specifically allowed (in a config) is open. Additionally it would be cool if it checked all open ports if they provide out of date software (like webservers) or known security issues.

I found nikto, but it feels like its doing only half of what I want. greenbone feels way to bloated for my use case.

Do you know any kind of software that would do something like that?

you are viewing a single comment's thread
view the rest of the comments
[–] Hippy@piefed.social 8 points 2 months ago

Proper routers can be used to effectively firewall your services from the net (Cisco/Aruba/Juniper/Fortigate etc). Mikrotik is the cheapest.

For example, on a Mikrotik router in the IP filter rules:
Rule 1 - drop input traffic from a custom blacklist.
Rule 2 - accept input traffic that you want to port forward to your server. Rule 3 - accept established and related traffic (tcp sessions that have passed SYN ACK stage).
Rule 4 - add source IP to blacklist for input traffic that you dont want to port forward to your server. Example: not 443,22 will trigger on all other ports.

This way if someone is scanning your ports they will be blacklisted and then will never get back in even on your open ports. I manage some large networks and our blacklist grows by around 50k IP addresses per week that are just scanning the internet. With a setup like this you don't have to worry that much about the servers open ports or its firewall. You can also write to the router log all successful requests and their source IPs if you ever want to double check who's been getting in.