Today I woke up to find my site down and for the first time self-hosting any project, it made me panic.
All the time I’d spent setting up NGINX, Let’s Encrypt, let alone networking (wasn't as fun tbh)…was it all gone?
The first problem, the malicious requests
After digging into the NGINX logs, I found signs of exploit attempts, someone was probing for known PHP vulnerabilities (CVE-style stuff targeting outdated systems). Luckily, my system was updated.
I immediately banned the source IP and decided it was time to work on my homelab’s security.
Here's what I did next:
- Set up Fail2Ban to detect and block brute-force SSH attempts and common web-based exploits targeting nginx and other internet exposed services.
- Tuned the jail configurations for better log monitoring.
- Setup Email notifications to alert me when Fail2Ban actually bans someone or when things just go south.
But That left one other problem, why isn't my site reachable?!
Next up, problematic DDNS
Well, it turned out really simple (Took me a couple of hours to debug😭)…..My dynamic DNS client wasn't properly starting and as a result wasn't updating.
So I just created a systemctl service that starts the noip-duc daemon, enabled it, restarted my server and viola, back in business.
Today's experience despite it's not so good timing (I'm prepping for my Finals) helped me experiment a bit more, improve my debugging skills outside of coding environments and better understand some security aspects and why they are there in the first place. All of this is one of the main reasons why I started this tiny homelab.
Note:
This blog was written at a previous date than the one mentioned above and originally posted on my Linkedin. The reason for the repost is This is he first actual blog on this site and I'm still testing things out. Thanks for reading, Happy coding.