this post was submitted on 28 Sep 2025
56 points (98.3% liked)

Selfhosted

51841 readers
581 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
56
Do bots/scrapers check uncommon ports? (lemmy.dbzer0.com)
submitted 1 day ago by confusedpuppy@lemmy.dbzer0.com to c/selfhosted@lemmy.world
34 comments fedilink hide all child comments
 

When I first got into self hosting, I originally wanted to join the Fediverse by hosting my own instance. After realizing I am not that committed to that idea, I went into a simpler direction.

Originally I was using Cloudflare's tunnel service. Watching the logs, I would get traffic from random corporations and places.

Being uncomfortable with Cloudflare after pivoting away from social media, I learned how to secure my device myself and started using an uncommon port with a reverse proxy. My logs now only ever show activity when I am connecting to my own site.

Which is what lead me to this question.

What do bots and scrapers look for when they come to a site? Do they mainly target known ports like 80 or 22 for insecurities? Do they ever scan other ports looking for other common services that may be insecure? Is it even worth their time scanning for open ports?

Seeing as I am tiny and obscure, I most likely won't need to do much research into protecting myself from such threats but I am still curious about the threats that bots pose to other self-hosters or larger platforms.

you are viewing a single comment's thread
view the rest of the comments
[–] A_norny_mousse@feddit.org 1 points 1 day ago (1 children)

SSH keys are absolutely essential, but those are actual security as opposed to what I wrote above. I should've made that clearer.

My SSHD is setup to only accept keys with no passwords and no keyboard input.

I don't see how that improves security. Surely an SSH key with an additional passphrase is more secure than one without.

[–] confusedpuppy@lemmy.dbzer0.com 1 points 1 day ago (1 children)

I agree with the last point, I only mentioned that because I don't really know what other setting in my SSHD config is hiding my SSH port from nmap scans. That just happened to be the last change I remember doing before running an nmap scan again and finding my SSH port no longer showed up.

Accessing SSH still works as expected with my keys and for my use case, I don't believe I need an additional passphrase. Self hosting is just a hobby for me and I am very intentional with what I place on my web facing server.

I want to be secure enough but I'm also very willing to unplug and walk away if I happen to catch unwanted attention.

[–] A_norny_mousse@feddit.org 1 points 1 day ago* (last edited 21 hours ago) (1 children)

Sounds like a healthy attitude towards online security.

I'm doing my first ever nmap scan right now, thanks for the inspiration. It's taking a long time - either my ISP does not like what I'm doing there or I'm being too thorough - ~~but it looks like it does not see my SSH port either.~~

[–] confusedpuppy@lemmy.dbzer0.com 1 points 23 hours ago

I started with a local scan first, something like nmap 192 168.40.xxx for a specific device or nmap 192.168.40.0/24 for everything in your current network.

Nmap is quite complex with lots of options but there's a lot of guides online to help out with the basics. You can press enter in your terminal while the scan is running and it should give a progress report.