Like the title says, I’m new to self hosting world. 😀 while I was researching, I found out that many people dissuaded me to self host email server. Just too complicated and hard to manage. What other services that you think we should just go use the currently available providers in the market and why? 🙂thank you

    • vkapadia@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What is wrong with that? Don’t they still need correct credentials to connect?

      • Korlus@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The service itself is insecure. You need to hide it behind a more secure setup if you want to expose it to the internet. It’s been a long while since I tried, but I have some foggy memories of an RDP Server that would encapsulate the connection in an SSL tunnel and forward the connection to the remote machine rather than exposing the RDP client itself to the internet.

        Definitely do your research on how to do it securely before you just set it up and open it to the wild.

          • Korlus@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Oh sure, VPN is definitely the preferred way if you already have the infrastructure in place. My experience with the front-end RDP server was years ago as the sysadmin for a company. My experience is likely very out of date, and was very corporate-focused, rather than for an enthusiast.

            Nowadays I try not to touch Windows, and haven’t used RDP in years.

            • teem@alien.topB
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              These days there are so many bots scanning that you have to be so careful.

    • FlockSystem@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What do you mean by “clearly”. Open RDP without password protection?

      I often use RDP to access my desktop Windows 10.

        • FlockSystem@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Those vulnerabilites come from humans clicking on files they’re not supposed to click on. NO way of communication is secure against that. Not even the magic of Tailscale. RDP offers 2FA and has an encrypted connection. It’s fine!

          • FabianN@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Even Microsoft recommends against opening rdp to the web and to use a VPN instead.

            You’re playing with fire here.

            • FlockSystem@alien.topB
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Microsoft recommends against opening rdp to the web

              As far as a few google searches got me: No, they don’t.

    • teem@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Lol, I work at an attack surface scanning company. Every freaking company I talk to, with very few exceptions, has at least one of these. If not a whole infrastructure. Then they cry, “how did we get ransomware?”

    • HashtagMOMD@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I have a load balancer on my network that has opened one port on my home network. The load balancer is connected over the cloud flare and is encrypted on both sides. Is that okay?

      • kon_dev@alien.topB
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Why you chose to open a port, if you use cloudflare? Couldn’t you use cloudflare tunnel in that case?

    • SpongederpSquarefap@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Don’t try to be clever and change the port from 3389 to something else either

      Scanners can fingerprint traffic and just blast the other ports instead

      I (foolishly) did this a few years ago and luckily I had account lockout enabled

      Constant attempts all day long - they were even able to enumerate local users and try to log in as them (fortunately they never could cause the passwords were random keepass ones)

      Don’t do it, seriously

    • linkthepirate@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Psa for you guys that rdp over the net, turn that off, and use a VPN like wire guard or tail scale, or use something like apache guacamole.