Tuesday, March 1, 2016

How to Fail When Exposing a Linux Server to the Internet

Recently I restarted an old dream of having a home server built out of an old computer.  Years ago I took my old desktop and decided that it was a prime candidate.  A 64-bit AMD processor, 8GB of RAM and a 1TB hard drive seemed like the perfect fit.  I had another 20GB hard drive lying around that I used as a host for the OS.  Flash forward 5 years, now that I'm actually in the IT field, and I decided to make the main HDD a TB as well.  So I reinstalled Ubuntu 14.04 LTS and started to play around.

One of the first things I couldn't wait to do was have the ability to SSH into my machine.  I got this set up in a day and was so excited.  So what is a person to do with this capability?  Set up DDNS and remote in via SSH.  This seemed like the coolest thing in the world.  The ability to sign in to my home server from anywhere!!!  But wait, if I can sign in from anywhere, so could anyone else.

A friend of mine is a Project Manager for an IT company where I live.  In particular, he manages projects on the security side of his company.  So at lunch a couple of days ago I was talking about my home server and how happy I was with being able to SSH into it from anywhere.  The first thing out of his mouth was, "I hope you're not using default ports."  My stomach dropped, as I never changed anything that was default when setting anything up.  As soon as I got home I grepped the auth.log file in the ssh folder for *failed, and the results were daunting.  At a minimum, I was getting hit every 4 seconds.  From Australia to Amsterdam, hackers were trying to hit my open ports.
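As an added example (not from the original post), here is a small Python script that does what that grep does, but over the whole file: it parses sshd "Failed password" lines from auth.log (on Ubuntu the file is /var/log/auth.log), counts failures per source IP and per username, and reports the shortest gap in seconds between consecutive failures, which is the "hit every 4 seconds" figure.  The sample log lines, hostname, IP addresses and year are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample of auth.log lines (not real log data); the
# "Failed password" lines are what the grep in the post would surface.
SAMPLE_AUTH_LOG = """\
Mar  1 12:00:01 homeserver sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  1 12:00:05 homeserver sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40010 ssh2
Mar  1 12:00:09 homeserver sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  1 12:00:13 homeserver sshd[1204]: Failed password for invalid user pi from 198.51.100.7 port 40020 ssh2
Mar  1 12:01:30 homeserver sshd[1205]: Accepted publickey for nick from 192.0.2.10 port 50000 ssh2: RSA SHA256:EXAMPLE
Mar  1 12:02:00 homeserver sshd[1206]: Failed password for root from 203.0.113.5 port 51250 ssh2
"""

# sshd's failed-authentication line: "Failed password for [invalid user] USER from IP port N ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failed_logins(log_text, year=2016):
    """Count failed SSH password attempts per source IP and per username and
    return the shortest gap (seconds) between consecutive failures.
    Syslog timestamps carry no year, so one is assumed (constructed: 2016)."""
    by_ip, by_user = Counter(), Counter()
    times = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins, sudo entries, etc. are not failures
        by_ip[m["ip"]] += 1
        by_user[m["user"]] += 1
        times.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    times.sort()
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return {
        "total": sum(by_ip.values()),
        "by_ip": dict(by_ip),
        "by_user": dict(by_user),
        "min_gap_seconds": min(gaps) if gaps else None,
    }

if __name__ == "__main__":
    for key, value in summarize_failed_logins(SAMPLE_AUTH_LOG).items():
        print(f"{key}: {value}")
```

To run it against a real server, pass the contents of /var/log/auth.log (root or adm group membership is needed to read it) instead of SAMPLE_AUTH_LOG.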

So the lesson I learned, and want to share with anyone, is this: if you want to create a home server that you expose to the internet, use a VPN, or, if you stick with SSH, at a minimum change the default port.

-kwiknick