>>4200Note I'm not opposed to VPNs in practice. I'm just opposed to buying a commercial one and thinking it equals safety. Most people buying VPNs have absolutely no need for them.
I set up my own using either cheap VPS servers. For example, the gateway into my media server is a VPS I pay like $3 a month for or something like that. It serves as the log-in portal for clients. Then it passes along the information to connect to the media server (the current IP address) and creds to the media server to allow the log-in. I'm not doing anything like operating a private VPN for my users to connect. Since it would require configuration on each and every device/network they might use. I just accept connections from the entire internet but only talk back if the right IP is calling as verified by the VPS.
In other words. I don't mind exposing one of my home machines/servers to the internet at large. I'm just careful about how I do it and who I let them talk to. I don't do things like use a VPN to download torrents for example.
The thing I'm seeing in the wild most often now with people getting auto-exploited is because of IPv6. Lots of people demand an IPv6 address these days because it's the only way they can get a public IP. Since so many new ISPs are CGNAT. What these people fail to realize is once they get their wish each and every device within their own LAN is not talking directly through the internet. As opposed to the typical IPv4 set-up where they're all behind a NAT serving as a poor man's firewall.
So what ends up happening is their devices constantly get port scanned and spammed with ssh log-in attempts. Many of which work because most people don't bother to secure anything. This is how all those Ring cameras and all the "smart" devices get pwned.
What you need to do is setup a firewall and grep through your log files out of habit. I've slipped up many times only to catch it a day or two later. But I only caught things because I bothered to read my log files or notice when something wasn't right. Like some process eating cpu/bandwidth that I know isn't supposed to be there. Generally, I've been okay though because I don't do stupid things.
In summary: The most important thing is a proper firewall. The second most important thing is properly configured web browser. The third is to not do stupid stuff. Like insta
Post too long. Click here to view the full text.