Monday, June 8, 2026 at 17:10:05
Disallowed SSH password connections on port 22 and set another port as an alternate, on the larger system.
Here is the info (locked myself out a couple of times first):
cmd: systemctl edit ssh.socket
## This will allow alternate or multiple ports
## to be used with ssh. Each port must be set
## up individually for IPv4, IPv6, or both.
## The alt. port must be open through the firewall.
## The bare ListenStream= clears the packaged default
## listener (port 22) before the new ones are declared.
[Socket]
ListenStream=
ListenStream=0.0.0.0:YOUR_PORT
ListenStream=0.0.0.0:YOUR_ALT_PORT
ListenStream=[::]:YOUR_PORT
ListenStream=[::]:YOUR_ALT_PORT
## Restart stuff
cmd: systemctl daemon-reload
cmd: systemctl restart ssh.socket
## Check stuff (both ports should show as LISTEN)
cmd: ss -tlnp | grep ssh
——————————–
## Edit a file in /etc/ssh/sshd_config.d/*.conf
## (global settings first; a Match block extends to the
## next Match or the end of the file, so it goes last)
Port 22
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
Match LocalPort 2222
    PasswordAuthentication yes
## Restart stuff
cmd: systemctl restart ssh
cmd: systemctl daemon-reload
cmd: systemctl restart ssh.socket
——————————–
## Log in to the specific alternate port using a password
## (when logging in as root this also needs PermitRootLogin yes;
## the OpenSSH default, prohibit-password, refuses root passwords)
ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password root@systemname -p 2222
So now, at least in theory, most of the login attacks will be thwarted just by only allowing pubkey logins on port 22. I will probably go through the other systems and do the same. At least the other ‘S’ system.
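The same two drop-ins as a script, added here as an example (not the post's own commands): it writes them, refuses to restart anything unless sshd -t accepts the result, opens the alternate port, and then asks sshd what it will actually enforce for a connection arriving on each port, which confirms the Match block without risking a lockout. It assumes the Ubuntu/Debian layout (ssh.socket, an Include of /etc/ssh/sshd_config.d/*.conf at the top of sshd_config, ufw as the firewall) and uses 22 and 2222 in place of YOUR_PORT and YOUR_ALT_PORT. Because sshd keeps the first value it reads for each keyword, a drop-in read by that Include wins over later lines in the main file. The script also sets KbdInteractiveAuthentication no, since PAM keyboard-interactive can still prompt for a password when PasswordAuthentication is off (some distros already default to this).

```bash
#!/usr/bin/env bash
# Added example, not the post's own commands. Writes the ssh.socket and sshd_config
# drop-ins described above, checks them, and shows what sshd enforces per port.
# Assumptions: Ubuntu/Debian layout, ufw as the firewall, ports 22 and 2222.
set -eu

MAIN_PORT="${MAIN_PORT:-22}"     # key-only port
ALT_PORT="${ALT_PORT:-2222}"     # password-permitted alternate port (assumed)

# systemd socket drop-in. The bare ListenStream= clears the packaged default
# listener before the new ones are declared, one line per port and address family.
render_socket_dropin() {   # usage: render_socket_dropin MAIN ALT
  local p
  printf '[Socket]\nListenStream=\n'
  for p in "$1" "$2"; do
    printf 'ListenStream=0.0.0.0:%s\nListenStream=[::]:%s\n' "$p" "$p"
  done
}

# sshd_config drop-in. Global settings first; a Match block extends to the next
# Match or end of file, so the port-specific exception must come last.
render_sshd_dropin() {   # usage: render_sshd_dropin MAIN ALT
  cat <<EOF
Port $1
Port $2
PubkeyAuthentication yes
PasswordAuthentication no
# PAM keyboard-interactive can still prompt for a password; close that path too
KbdInteractiveAuthentication no
Match LocalPort $2
    PasswordAuthentication yes
EOF
}

# Write both drop-ins, abort before restarting anything if sshd rejects the
# config, open the alternate port, then apply. Keep your current session open.
apply() {
  mkdir -p /etc/systemd/system/ssh.socket.d
  render_socket_dropin "$MAIN_PORT" "$ALT_PORT" > /etc/systemd/system/ssh.socket.d/override.conf
  render_sshd_dropin "$MAIN_PORT" "$ALT_PORT" > /etc/ssh/sshd_config.d/10-ports.conf
  sshd -t                                   # config check; non-zero aborts via set -e
  ufw allow "$ALT_PORT/tcp"                 # assumption: ufw is the firewall in use
  systemctl daemon-reload
  systemctl restart ssh.socket
}

# Ask sshd what it would enforce for a connection arriving on a given local port;
# prints yes or no. This exercises the Match block without an actual login.
password_auth_on_port() {   # usage: password_auth_on_port PORT
  sshd -T -C lport="$1" | awk '$1 == "passwordauthentication" { print $2 }'
}

check() {
  ss -tlnp | grep -E ":($MAIN_PORT|$ALT_PORT) "
  echo "port $MAIN_PORT passwordauthentication: $(password_auth_on_port "$MAIN_PORT")"
  echo "port $ALT_PORT passwordauthentication: $(password_auth_on_port "$ALT_PORT")"
}

case "${1:-}" in
  apply) apply ;;
  check) check ;;
esac
```

Run it as ./ssh-ports.sh apply from a session you keep open, then ./ssh-ports.sh check; the second line of the check output should say no for the main port and yes for the alternate. Only close the old session after a fresh login on each port has worked.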
Friday, May 15, 2026 at 17:12:20
Getting scanned on one of the systems by libredtail-http. So I'm blocking it on that server.
I tried adding this to apache2.conf; it didn't work:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond "%{HTTP_USER_AGENT}" "libredtail-http" [NC]
    RewriteRule ^ - [F,L]
</IfModule>
So I tried moving it within the file, and I tried adding the same thing to global-redtailban.conf in apache2/conf-available and running a2enconf global-redtailban; that also didn't work.
So I finally found something that said to add this to the apache2.conf file (replacing BadBot with the one I want to ban):
<If "%{HTTP_USER_AGENT} == 'BadBot'">
    Require all denied
</If>
That seems to have done the trick.
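A scripted version of the working fix, added here as an example (not the post's own config). It renders the <If> block with a regex match rather than the exact-string == comparison, so a User-Agent such as libredtail-http/1.0 is still denied, installs it under conf-available with a name of your choosing, runs the syntax check before reloading, and confirms with curl that the bad agent gets 403 while an ordinary one does not. Two things worth knowing when the RewriteRule variant seems to do nothing: a block wrapped in <IfModule mod_rewrite.c> is silently skipped when the module is not loaded (apache2ctl -M | grep rewrite shows whether it is), and == in ap_expr compares the whole string, so any version suffix in the agent defeats it. Agent names other than libredtail-http and the URL are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: block scanners by User-Agent with an
# Apache 2.4 <If> block kept in conf-available, then verify the block with curl.
# Agent names other than libredtail-http and the URL are assumptions.
set -eu

# Join agent names into one PCRE alternation, escaping regex metacharacters and
# the / that delimits the regex in ap_expr.
ua_regex() {   # usage: ua_regex agent...
  local out='' a esc
  for a in "$@"; do
    esc=$(printf '%s' "$a" | sed 's,[][\\.*^$/|+?(){}],\\&,g')
    out="${out:+$out|}$esc"
  done
  printf '%s' "$out"
}

# Render the config. =~ with the i flag is a case-insensitive regex search, so
# "libredtail-http/1.0" is caught; == (as in the post) only matches the exact string.
render_ua_block_conf() {   # usage: render_ua_block_conf agent...
  cat <<EOF
# Deny requests from scanners by User-Agent (generated)
<If "%{HTTP_USER_AGENT} =~ /$(ua_regex "$@")/i">
    Require all denied
</If>
EOF
}

# Write it under conf-available, enable it, and reload only if the syntax check
# passes (a broken file would otherwise take the whole server down on reload).
install_ua_block() {   # usage: install_ua_block NAME agent...
  local name="$1"; shift
  render_ua_block_conf "$@" > "/etc/apache2/conf-available/$name.conf"
  a2enconf "$name"
  apache2ctl configtest
  systemctl reload apache2
}

# Fetch URL with a given User-Agent and print only the HTTP status code.
status_for_ua() {   # usage: status_for_ua URL AGENT
  curl -s -o /dev/null -w '%{http_code}' -A "$2" "$1"
}

# The blocked agent (with a version suffix) must get 403; a browser agent must not.
verify_block() {   # usage: verify_block URL AGENT
  local bad ok
  bad=$(status_for_ua "$1" "$2/1.0")
  ok=$(status_for_ua "$1" 'Mozilla/5.0')
  printf 'blocked agent -> %s, normal agent -> %s\n' "$bad" "$ok"
  [ "$bad" = 403 ] && [ "$ok" != 403 ]
}

case "${1:-}" in
  install) shift; install_ua_block "$@" ;;   # e.g. install global-redtailban libredtail-http
  verify)  verify_block "${2:-http://localhost/}" "${3:-libredtail-http}" ;;
esac
```

Usage: ./ua-block.sh install global-redtailban libredtail-http, then ./ua-block.sh verify http://localhost/ libredtail-http; extra agent names can be appended to the install line and end up in the same alternation.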
Tuesday, April 28, 2026 at 10:32:09
Started it back up. The only important thing on there for now was vaproxy.
Sunday, April 12, 2026 at 18:31:20
After discovering a number of issues and having to fix network problems, I again tried to get the dual-WAN up and running. I was successful, but the speed on either WAN connection dropped from about 900Mbps download (and 40Mbps upload) to 80Mbps, give or take 15, for download and 10-20Mbps upload. So I ran some more testing and finally came up with a compromise setup where everything can stay the same, except that the gateway used on systems will need to be changed from 10.0.0.1 to 10.0.0.2. All else can remain the same. Oh, and it needs to be updated on the local LAN DNS server, pintobean.
+--------------------+                +--------------------+
|                    |                |                    |
|                    |                |                    |
|      XFinity       |                |      T-Mobile      |
|                    |                |                    |
|      10.0.0.1      |                |                    |
+^---------------+---+                +-------------^------+
 |               |                                  |
 |               |                                  |
 |               |    +--------------------+        |
 |               |    |                    |        |
 |               |    |                    |        |
 |               +------>    Dual-WAN      +--------+
 |                    |                    |
 |                    |      10.0.0.2      |
 |                    +--------------------+
 |
 |                        ########
 |                    ####        ########
 |                  ##                    ######
 |                 #                            ###
 |                ##                               ##
 |                #           LAN                   #
 +----------------#                                 #
                 ##                                 #
                ##                                  #
               #####                                #
                   #######                        ###
                         ######            ########
--> Ascii chart made on Asciiflow.com
Tuesday, January 20, 2026 at 21:41:57
Something that runs around 6:19 am on the VPS is shutting down apache2, then trying to restart/gracefully restart it, but the restart fails because it runs BEFORE apache2 shuts down.
I’m currently attempting to edit /etc/needrestart/needrestart.conf (found this after hours of searching):
changed this:
#$nrconf{restart} = 'i';
to this:
$nrconf{restart} = 'a';
Fingers crossed.
Also, I added this block to /etc/apt/apt.conf.d/50unattended-upgrades:
Unattended-Upgrade::Post-Invoke-Success {
    "if systemctl list-units --all --type=service | grep -q 'apache2'; then systemctl restart apache2; fi";
};