I like it, it was released a couple of days ago so something might require a bit more polishing but overall it looks better to me.

I have heard of several cloud screw-ups as well, leading to charges of several thousands.

On one side this can happen if you experiment something outside of the free machine(s), on the other side you have all the reporting and notification tools to avoid surprises.

Nonetheless, I still see your point, reason why I prefer to use an almost dry revolut prepaid for all the cloud accounts instead of my main credit card.

As you wish, indeed the only free offer without credit cards is the one of azure for students. In any case you are not anonymous.

Considering the small audience and purpose, I would not have any problem using the always free offerings of either Oracle or Google (the latter especially if located in the US).

Hi, to check attacks you should look at the logs. In this case auth.log. Being attacked on port 22 is not surprising neither really troublesome if you connect via key pair.

My graph was showing egress traffic, on any kind of server the traffic due to these attacks would have been invisible but on a backup server which has (hopefully) only ingress you can clearly see the volume of connections from attackers from bytes teansmitted

ssh -p 12345 would leave your boxes accessible from anywhere too. Other blocks of IPs receive 10 times or more requests, as scanners can focus on blocks of ips from major providers.

I disagree, you’ll have your backups, so even if everything breaks you will have a failsafe. If you get compromised it’s still not an issue: Everything server side is encrypted, the safety is in the clients and your master password length.

So, I see no particular differences with other services. Considering I hear of some issues with bitwarden servers that are constantly under attack, selfhosting could even increase the availability.

Next time

Sorry, it’s the built-in console of Google Cloud. But there are so many monitoring solution around that you can probably find one of your liking. Look on awesome-selfhosted for “monitoring”

In all the cases for me is sufficient to backup the folder which host the volume for persistent data of each container. I typically do not care to stop and reload containers but nothing prevents you to do so in the backup script. Indeed if a database is concerned the best way is to create a dump and backup that one file. Considering tools, Borg and restic are both great. I am moving progressively from Borg to restic+rclone to exploit free cloud services.

So it seems. Do you think this was from the detected user activity? A colleague reported it was using it and it stopped working from one second to the next. Maybe some of his traffic looked suspicious? I am opening a ticket in any case today.

Now it’s pretty clear, I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure freedns subdomain) by this software from Palo Alto Networks https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/ which rewrites the DNS response

Nice, I am routed to sinkhole.paloaltonetworks.com I am a malicious domain apparently.

What does it mean?

nslookup my.domain.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    my.domain.com
Addresses:  ::1
          xx.x.xx.xxx (wrong IPV4 address from the other side of the world)

If I use 8.8.8.8 at home addresses is first of all “address” and is correct.

I think this is exactly the case, they have some issues with the DNS server and, as some other comments indicate it is possible, they reset my settings for DNS servers at router level. So nor cloudflare or others can help, only the line in etc/hosts works

Interesting, thanks. I think this is what it is happening. Feels like I can put whatever DNS server and still end up with an internal one.

Thanks for the detailed answer, a lot of suggestions are great but unfortunately a bit unpractical. Changing etc/hosts is at the moment the only think working and if the issue is not fixed soon I will suggest to the users that are willing to do so. I would not go as far as asking people to install VPNs and I am pretty sure that buildin a rogue wifi/LAN network will be against any corporate policy and I will be fired :D

Well, the main point is I would need to manually change this for tens of pcs and its not my job, moreover other people should to the same on theirs. Nevertheless, I just tried 8.8.8.8 on a couple of PCs and I have the same issue! It appears that my DNS setting is irrelevant as it is overwritten down the chain, the only way I can reach the site is put the line in etc/hosts. Could it be?

I tried to set it to 8.8.8.8 but I have still the same result. Can it be overridden at the router level? So far the only solution is to manually add the damn line to etc/hosts.

I already had contacts with our IT. I originally asked if they could host this service for us as it seemed the normal thing to do. They do not support anything custom (i.e. anything which is not a wordpress site) and just to give me a fourth level subdomain they wanted signatures from half the administration above me. That’s why I’m rogue with selfhosting also work stuff. But I think I can still complain just because their DNS gives back random IPs. This could even be hijacking, no?