Illecors

It would be security theatre if it was done for security. I’m not doing it for security, though - it’s for my sanity when checking the logs. Unrestricted SSH simply attracts too many bots and the failed logins make it impossible to quickly grasp a picture of what’s happening.

In regards to limits - this is my rule file for iptables on my lemmy instance:


```
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOG_DROP [0:0]
:LOG_ACCEPT [0:0]

# SSH: record each new connection per source address; log and drop a source
# once it has 20 or more new connections within 600 seconds
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 20 --name DEFAULT --mask 255.255.255.255 --rsource -j LOG_DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# HTTPS: sources are recorded in the HTTPS list, but the drop rule is commented out
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -m recent --set --name HTTPS --mask 255.255.255.255 --rsource
#-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -m recent --update --seconds 600 --hitcount 600 --name HTTPS --mask 255.255.255.255 --rsource -j LOG_DROP
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG_DROP

# Helper chains: write a log line, then accept or drop
-A LOG_ACCEPT -j LOG --log-prefix "[ACCEPTv4]: " --log-level 7
-A LOG_DROP -j LOG --log-prefix "[DENYv4]: " --log-level 7
-A LOG_ACCEPT -j ACCEPT
-A LOG_DROP -j DROP
COMMIT
```

This is very much a WIP, I’m going to implement some DDoS protection as soon as I get some spare time.
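An added example, not part of the original comment: a small summarizer for the `[DENYv4]: ` log lines this rule file produces. Because tcp/22 is accepted unconditionally after the `recent` rule, a `[DENYv4]` entry with `DPT=22` can only come from the SSH rate limit, so the script reports those sources separately. The sample lines are constructed, abbreviated to a few fields, and use documentation addresses; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the kernel LOG target's KEY=value layout.
SAMPLE_LOG = """\
Jan 12 10:00:01 host kernel: [DENYv4]: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 12 10:00:02 host kernel: [DENYv4]: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=22 SYN
Jan 12 10:00:03 host kernel: [DENYv4]: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.1 PROTO=TCP SPT=50001 DPT=23 SYN
Jan 12 10:00:04 host kernel: [DENYv4]: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.1 PROTO=UDP SPT=5060 DPT=5060
Jan 12 10:00:05 host kernel: [ACCEPTv4]: IN=eth0 OUT= SRC=192.0.2.9 DST=192.0.2.1 PROTO=TCP SPT=50002 DPT=443 SYN
Jan 12 10:00:06 host kernel: [DENYv4]: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.1 PROTO=TCP SPT=50003 DPT=23 SYN
"""

PREFIX = "[DENYv4]: "                  # --log-prefix of the LOG_DROP chain
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # value may be empty, e.g. "OUT="


def parse_line(line):
    """Return the KEY=value fields of a [DENYv4] line, or None for other lines."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        # Keep the first occurrence: an ICMP error entry repeats SRC/DST for
        # the embedded packet, and the outer header is the one that matters.
        fields.setdefault(key, value)
    return fields


def summarize(text):
    """Split drops into SSH rate-limit hits and everything else, per source."""
    ssh_limited = Counter()
    other = defaultdict(Counter)
    for line in text.splitlines():
        f = parse_line(line)
        if not f or "SRC" not in f:
            continue
        if f.get("PROTO") == "TCP" and f.get("DPT") == "22":
            ssh_limited[f["SRC"]] += 1  # only the recent rule drops tcp/22
        else:
            other[f["SRC"]][f"{f.get('PROTO', '?')}/{f.get('DPT', '-')}"] += 1
    return dict(ssh_limited), {src: dict(c) for src, c in other.items()}


if __name__ == "__main__":
    ssh, rest = summarize(SAMPLE_LOG)
    print("SSH rate-limited sources:", ssh)
    print("Other dropped traffic:", rest)
```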
