Rimu

You’re going to have to prioritise.

Find changes that:

Save a decent amount of money Are low risk Don’t take too long to do Can be easily backed-out of

MailCow is similar except uses docker. I expect that will mean easier maintenance as it is less tightly bound to the underlying OS.

There was a really good discussion recently which will give you some ideas - see https://piefed.social/post/436507?sort=top

It’s a developed country, lol

Have you looked into using zram?

Lemmy has moderators and admins which remove CSAM. Plebbit was intentionally built in such a way that no one can remove anything. Extensive discussion of this at the OP’s original post https://lemmy.world/post/23704373. Ctrl-F for “censorship”

Something tells me the “I don’t host CSAM I just host posts that embed/link to CSAM (from other hosts)” argument won’t hold up in court.

YouTube is usually the first thing I open on first boot of a new machine. That way I know if the sound is working, network is working and video drivers are ok all at once.

I use my searxng instance several times a day.

DNS server/cache/pihole. If that goes down I can’t browse anything.

I also selfhost a SaaS that I built. It’s essential to me that it’s available to my customers although I don’t use it personally.

After X attempts to log in, it bans the IP address.

It will scan your wordpress files and alert you if any of them have changed in suspicious ways (hacked).

It can disable the xml-rpc endpoint which is rarely used and is a big vector for hacking.

… and a lot more but those are the main ones for me.

The WordFence plugin is a must-have for security.

If you use Caddy instead of Apache then you get SSL automatically. You’ll need php-fpm as well, tho.

Like a blog?

Check out Wordpress, Hugo or Ghost.

Ubuntu has a set of scripts you can run to harden a new server (not advisable on a server that has already been configured for something). You need an Ubuntu Pro subscription to access them but you can get a free trial and then cancel it after you’ve finished.

More info at https://ubuntu.com/security/cis.

I did this process for a customer recently and it was pretty straightforward and much much more thorough (over 100 configuration changes) than just tweaking SSH and fail2ban.

I expect other commercially-oriented distros offer something similar.

GPUs these days use a whole lot of power. Ensure your power supply is specced appropriately.

There was a discussion in this community about this 2 days ago. Check it out - https://lemmy.world/post/10777395

Cloudflare has been controversial for dragging their feet when it was time to stop providing protection to nazi websites like The Daily Stormer, 8chan and Kiwi Farms. Also the Taliban, ISIS and so on More about this.

For this reason, a lot of fediverse servers do not use CloudFlare.