How can I best protect the digital security of my server?

Hello, I had previously managed to host a minecraft server using my home internet and an old computer running ubuntu server. Something I noticed, though, was my Spectrum app notifying me of numerous (failed/prevented) attacks on my network. I don’t really think I did much to protect the server other than set a password. I tried following a youtube video of increased security measures to take, but ultimately, I didn’t understand my way around Linux Server too well, so I decided to kill the server until I could figure out how to keep it secure. Does anyone using ubuntu server have any advice on how I can protect my server from hackers? Thank you!
31 Replies
bedwersXD
bedwersXD2w ago
fail2ban
𝒟𝑜𝓂𝒾𝓃𝒾𝒸
Tunneling or port forwarding You should, NEVER, under NO circumstance, forward port 22 SSH (non cloud services) should NEVER be open
jonasdfjkl
jonasdfjklOP2w ago
yeah i’m pretty sure i had port22 open for SSH i would access the server from a terminal app on my phone or my windows powershell does non cloud services refer to something like WebAdmin?
jonasdfjkl
jonasdfjklOP2w ago
Tech By Matt
YouTube
Building a $100 Minecraft Server! (2025)
Welcome to my latest video featuring a build a setup of a sub $100 game server! Parts Mentioned(Affiliate Links): PC Used: https://www.ebay.com/itm/205151239397 PC on Amazon: https://amzn.to/4hFVt15 PC on Newegg: https://howl.link/2w6jstnxwvg4o RAM Amazon: https://amzn.to/4aKSh1J RAM Newegg: https://howl.link/9p8u6egqvblri SSD Amazon: https:...
jonasdfjkl
jonasdfjklOP2w ago
i watched this video and that’s what rekindled my interest in a server and how i found out about webadmin
Upioti
Upioti2w ago
Would recommend not exposing resi ip at all, tunnel or proxy using a ddos protection service, or at least a vps
bedwersXD
bedwersXD2w ago
if it is a small server tunnelling works great ngrok works (but does require a subscription) highly recommend it
Upioti
Upioti2w ago
Just use either a protected vps or a mc l7 proxy so you don't get 10gbps fowarded to your home router
ProGamingDk
ProGamingDk2w ago
1 gb traffic is insanely little and yeah needs credit card and not made for it
bedwersXD
bedwersXD2w ago
true
Louis_Dew
Louis_Dew2w ago
Then how should I access the server?
ProGamingDk
ProGamingDk2w ago
vpn etc cloudflare ssh infrastructure access is cool aswell
Louis_Dew
Louis_Dew2w ago
As of right now, I only have the ssh port forwarded to my home IP. Is that safe?
iRazvan2745
iRazvan27452w ago
use tailscale and make ssh only accept connections from the tailscale ip
SilentBot
SilentBot2w ago
Or alternatively, IP whitelist, if you don't want to setup tailscale only for ssh
bedwersXD
bedwersXD2w ago
doesnt work that well imo
SilentBot
SilentBot2w ago
Aside from having to change it when your IP rotates, it's quite literally as basic as it gets
iRazvan2745
iRazvan27452w ago
just use tailscale, its amazing
bedwersXD
bedwersXD2w ago
for me it rotates a LOT which is annoying lol havent used tailscale, i should try it
unddasnoch
unddasnoch2w ago
I tunnel through a VPS, but it was unbearably difficult to do that
Jenkins
Jenkins2w ago
it's fine
jonasdfjkl
jonasdfjklOP2w ago
wouldnt it be a non-issue if you reserve the ip address for the device you are connecting from? i have installed tailscale, but does it only matter for SSH? i noticed i could still connect to the local mc server using the regular 192.168.x.y address i also have to use the 100.x.y.z tailscale IP for webmin but not for AMP (where i manage server instances). i followed the tutorial to get SSH only thru tailscale but cant figure out how to repeat the process for other ports. if it doesnt matter, then thats cool too. i am not portforwarding anything as i am tunneled with playit.gg
bedwersXD
bedwersXD2w ago
well, if you don’t expose the ports to the Internet, you should be good to go doesn’t matter since the ports are only exposed locally
jonasdfjkl
jonasdfjklOP2w ago
thank you!
𝒟𝑜𝓂𝒾𝓃𝒾𝒸
It’s better to use a vpn then You can access all local ports when you are connected Wireguard is a good choice, good encryption and speed
bedwersXD
bedwersXD2w ago
I have tried tailscale, looks like it exposes all ports .-.
Programmer / Nerd / Human
Use playit.gg they have haproxy supported you can enable that in your proxy server to forward players real ip addresses to your backend servers as well and it's free I don't know if they have ddos protection though
iRazvan2745
iRazvan27452w ago
only to your tailscale network aka only to you and people logged into your tailscale account
bedwersXD
bedwersXD2w ago
yes
SilentBot
SilentBot2w ago
That's why you add ACLs to your network As (typically?) you wouldn't want server 1 to ssh into server 2 (though can be useful for file copying, etc.) You'd only want your desktop to ssh into 1 or 2

Did you find this page helpful?