this post was submitted on 25 Jan 2026
143 points (98.0% liked)

Selfhosted

55083 readers
480 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
143
How do I avoid becoming one with the botnet? (programming.dev)
submitted 2 days ago by bitcrafter@programming.dev to c/selfhosted@lemmy.world
67 comments fedilink hide all child comments
 

I find the idea of self-hosting to be really appealing, but at the same time I find it to be incredibly scary. This is not because I lack the technical expertise, but because I have gotten the impression that everyone on the Internet would immediately try to hack into it to make it join their bot net. As a result, I would have to be constantly vigilant against this, yet one of the numerous assailants would only have to succeed once. Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.

How do the self-hosters on Lemmy avoid becoming one with the botnet?

you are viewing a single comment's thread
view the rest of the comments
[–] Wxfisch@lemmy.world 45 points 2 days ago (3 children)

Only expose services internally then use a secure VPN to access your services, this makes your network no more vulnerable in practice than not self hosting. If you need/want to expose something to the internet, make sure you setup your network right. Use a DMZ to separate that service and leverage something like CrowdSec along with good passwords, antivirus, and keep things patched.

[–] a1studmuffin@aussie.zone 12 points 2 days ago* (last edited 2 days ago)

Thanks for the CrowdSec tip, I've already got an nginx reverse proxy set up but wasn't aware I could integrate this for extra protection.

[–] BingBong@sh.itjust.works 5 points 2 days ago (2 children)

How do I check this? I route everything on my internal network only. But how should I make sure its not accessible remotely? I cannot just have these on an air gapped network.

[–] Wxfisch@lemmy.world 8 points 2 days ago

You can run a port scan against your public IP from another network to see what is open. But if you haven’t specifically set something up for external access through port forwarding you are probably fine.

[–] slazer2au@lemmy.world 4 points 2 days ago

Throw your IP into Shodan.io and see what it comes back with.

[–] corvus@lemmy.ml 3 points 2 days ago* (last edited 2 days ago) (1 children)

Should I do the same if I want to expose an OpenAI compatible API to access an LLM to chat remotely on local technical documents?

[–] Wxfisch@lemmy.world 6 points 2 days ago

It doesn’t usually matter what the service is, the basic concepts are the same. If you want to access a service you host on your internal network from another external network you either need to use a VPN to securely connect into your network, or expose the service directly. If you are exposing it directly you should put it (or a proxy like NPM) in your DMZ. The specifics of how to do this though will vary from service to service and with your specific network config.