this post was submitted on 17 Aug 2023
58 points (87.2% liked)
Fediverse
28496 readers
613 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Exactly. I went one step further and decided not to use my admin account as my main. I don't run around as root on servers so I try not to do that with apps. It's easier with Lemmy because once it's set up all the admin tasks hit my email.
I also wanted to avoid that vulnerability that hit Lemmy World a few weeks ago that was only possible because the server admin got their jwt stolen, which wouldn't have been so impactful if they weren't on the admin account.
I didn't read the story about how exactly he lost the jwt, but is it still as big of an issue since 2fa was introduced?
I guess existing jwt hashes will bypass 2fa, but I'm not super worried since my instance has 3 users.
2fa was in at the time. IIRC the jwt was granted after 2fa so it didn't matter.
You've got a point though, small instances aren't gonna be nearly as useful as a giant one to threat actors. Assuming you don't give them a reason to go after you specifically they wouldn't have a reason to target such a tiny server.
Still though, I don't need that shiny A next to my name so I'm good with how I have it set up.
You could really mess with people and use admin@ctrlaltelite.xyz but not have it as the admin account. hah. You host it at home or out "in the cloud"? Curious what others do.
I have a couple VPSes for my Tailscale exit nodes and one as an ingress/proxy for my selfhosted stuff at home. They're all super cheap and have unmetered* network connections. Kubernetes on some PIs and Lenovo tinys support all my services at home.
I have this one on a Hetzner server that runs me like $6/mo. I'm not comfortable with the federated nature of things potentially putting CSAM or other illegal content on disk in my home.
I use tailscale so I can still hit my internal (at home) git repos and all that. The rest of my stuff is all hosted on an old gaming PC I turned into a Proxmox host that sits in my spare bedroom. Of those services, I only expose like 3 things to the outside world. Nextcloud being the main one. I don't route it through my VPS, just proxy it through cloudflare.