How can I best protect the digital security of my server?
Hello, I had previously managed to host a Minecraft server using my home internet and an old computer running Ubuntu Server. Something I noticed, though, was my Spectrum app notifying me of numerous (failed/prevented) attacks on my network.
I don’t really think I did much to protect the server other than set a password. I tried following a YouTube video of increased security measures to take, but ultimately, I didn’t understand my way around Linux Server too well, so I decided to kill the server until I could figure out how to keep it secure.
Does anyone using Ubuntu Server have any advice on how I can protect my server from hackers? Thank you!
31 Replies
fail2ban
Tunneling or port forwarding
You should NEVER, under NO circumstance, forward port 22
SSH (non cloud services) should NEVER be open
yeah i’m pretty sure i had port 22 open for SSH
i would access the server from a terminal app on my phone or my windows powershell
does non cloud services refer to something like WebAdmin?
Tech By Matt
YouTube
Building a $100 Minecraft Server! (2025)
i watched this video and that’s what rekindled my interest in a server and how i found out about webadmin
Would recommend not exposing resi ip at all, tunnel or proxy using a ddos protection service, or at least a vps
if it is a small server tunnelling works great
ngrok works (but does require a subscription)
highly recommend it
Just use either a protected vps or a mc l7 proxy so you don't get 10gbps forwarded to your home router
1 gb traffic is insanely little and yeah needs credit card and not made for it
true
Then how should I access the server?
vpn etc
cloudflare ssh infrastructure access is cool as well
As of right now, I only have the ssh port forwarded to my home IP. Is that safe?
use tailscale and make ssh only accept connections from the tailscale ip
Or alternatively, IP whitelist, if you don't want to set up tailscale only for ssh
Wireguard
doesn't work that well imo
Aside from having to change it when your IP rotates, it's quite literally as basic as it gets
just use tailscale, its amazing
for me it rotates a LOT
which is annoying lol
haven't used tailscale, i should try it
I tunnel through a VPS, but it was unbearably difficult to do that
it's fine
wouldn't it be a non-issue if you reserve the ip address for the device you are connecting from?
i have installed tailscale, but does it only matter for SSH? i noticed i could still connect to the local mc server using the regular 192.168.x.y address
i also have to use the 100.x.y.z tailscale IP for webmin but not for AMP (where i manage server instances).
i followed the tutorial to get SSH only thru tailscale but can't figure out how to repeat the process for other ports. if it doesn't matter, then that's cool too. i am not port forwarding anything as i am tunneled with playit.gg
well, if you don’t expose the ports to the Internet, you should be good to go
doesn’t matter since the ports are only exposed locally
thank you!
It’s better to use a vpn then
You can access all local ports when you are connected
Wireguard is a good choice, good encryption and speed
I have tried tailscale, looks like it exposes all ports
.-.
Use playit.gg. They have HAProxy supported; you can enable that in your proxy server to forward players' real IP addresses to your backend servers as well, and it's free
I don't know if they have ddos protection though
only to your tailscale network
aka
only to you
and people logged into your tailscale account
yes
That's why you add ACLs to your network
As (typically?) you wouldn't want server 1 to ssh into server 2 (though can be useful for file copying, etc.)
You'd only want your desktop to ssh into 1 or 2