Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • cm0002@lemmy.world
    1 day ago

    because the password was the generic 8 characters and there was no fail2ban to stop guessing

    Oof yea that’ll do it, you’re usually fine as long as you hardened enough to at least ward off the script kiddies. The people with actual real skill tend to go after…juicier targets lmao

    • Tablaste@linux.communityOP
      1 day ago

      Haha I’m pretty sure my little server was just part of the “let’s test our dumb script to see if it works. Oh wow it did, what a moron!”

      Lessons learned.