this post was submitted on 25 Jan 2026
109 points (99.1% liked)

Selfhosted

55012 readers
668 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
109
How do I avoid becoming one with the botnet? (programming.dev)
submitted 17 hours ago by bitcrafter@programming.dev to c/selfhosted@lemmy.world
53 comments fedilink hide all child comments
 

I find the idea of self-hosting to be really appealing, but at the same time I find it to be incredibly scary. This is not because I lack the technical expertise, but because I have gotten the impression that everyone on the Internet would immediately try to hack into it to make it join their bot net. As a result, I would have to be constantly vigilant against this, yet one of the numerous assailants would only have to succeed once. Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.

How do the self-hosters on Lemmy avoid becoming one with the botnet?

you are viewing a single comment's thread
view the rest of the comments
[–] Wxfisch@lemmy.world 35 points 16 hours ago (3 children)

Only expose services internally then use a secure VPN to access your services, this makes your network no more vulnerable in practice than not self hosting. If you need/want to expose something to the internet, make sure you setup your network right. Use a DMZ to separate that service and leverage something like CrowdSec along with good passwords, antivirus, and keep things patched.

[–] a1studmuffin@aussie.zone 9 points 16 hours ago* (last edited 16 hours ago)

Thanks for the CrowdSec tip, I've already got an nginx reverse proxy set up but wasn't aware I could integrate this for extra protection.

[–] BingBong@sh.itjust.works 4 points 16 hours ago (2 children)

How do I check this? I route everything on my internal network only. But how should I make sure its not accessible remotely? I cannot just have these on an air gapped network.

[–] Wxfisch@lemmy.world 7 points 15 hours ago

You can run a port scan against your public IP from another network to see what is open. But if you haven’t specifically set something up for external access through port forwarding you are probably fine.

[–] slazer2au@lemmy.world 3 points 15 hours ago

Throw your IP into Shodan.io and see what it comes back with.

[–] corvus@lemmy.ml 3 points 16 hours ago* (last edited 16 hours ago) (1 children)

Should I do the same if I want to expose an OpenAI compatible API to access an LLM to chat remotely on local technical documents?

[–] Wxfisch@lemmy.world 5 points 15 hours ago

It doesn’t usually matter what the service is, the basic concepts are the same. If you want to access a service you host on your internal network from another external network you either need to use a VPN to securely connect into your network, or expose the service directly. If you are exposing it directly you should put it (or a proxy like NPM) in your DMZ. The specifics of how to do this though will vary from service to service and with your specific network config.