Security matters

Hi,

I’ve read articles about security concerns with self-hosted servers that could easily be hacked into a botnet, something like “shodan” being able to scan every server…
Apparently, there is a need to actively secure those servers, configure “nginx” or whatever.
Is it something you remotely manage for all the devices you sell, or do I have to learn server security if I want to keep my Syncloud working?

(I have to say that once the feeling of liberty I had when I quit GAFAM was gone, I started to worry about the responsibilities and risks of self-hosting all of my data. Hacking is one of the fears I have, and another is the lack of backup, and worse, out-of-my-house backup in case of fire, but that’s another problem).
As for you, can you tell me about security, updates, etc.?

Thank you.


Hi,

This is a very good question, and I must say we cannot give you any guarantee that this cannot happen to you. But I can guarantee the following:

  1. We follow the advice of app developers to apply all the needed security fixes; for example, the Nextcloud app has a set of automated checks and notifications about new security updates.
  2. We keep the source open so anyone can audit it, and we expect this to happen more often as we become more popular.

At the same time, if you are concerned about your personal data not being properly protected, there are a few options to consider:

  1. Disable external access if you only use it from home.
  2. Disable external access but install the OpenVPN app and have a secure channel to your device from outside on demand.
  3. If you really need external access and VPN is not suitable (family members, clients), consider having two devices (public and private) and restrict the set of apps on the public one, as more apps potentially means more security issues.

One of the ideas behind distributed personal devices versus a centralized cloud is that hacking one cloud server gives a hacker access to thousands of users, whereas hacking a single device gives you one, so probably more resources are concentrated on hacking the cloud. I understand that if you are hacked you do not really care how many others are there with you, 0 or 1000.

Another feature we are relying on in Syncloud is that all apps are self-contained and do not depend on each other or on operating system libs (thanks to Ubuntu Snap technology), allowing us to follow all app developer requirements more easily and faster.

As you understand, this approach of having personal data and apps independent from the controlled cloud is as new to you as it is to us. We learn and try to solve the limitations of the current state of things, but I hope more people will be involved on both the user and development sides to bring this to a wider public.

As to backup, we have this instruction: Backup · syncloud/platform Wiki · GitHub (feel free to start a separate thread about backup).


Hey boris, I have followed for a long time but am new to being active in the community. I was wondering if there was a tutorial I can view regarding connecting remotely/externally using OpenVPN. Is it similar to how mistborn uses WireGuard?

It is a very simple, standard OpenVPN server with a web UI to manage ovpn client certificates.

I can put more info if needed.

If you have more questions, please create a separate thread per question.


Hi Boris,

I use fail2ban to manage the scans of SSH.

I would like to use it on the nginx log, but I don't have the knowledge to do that.
Perhaps a page about this on the wiki would be a good thing.

Cheers.
Pierre
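As an added example (not Syncloud's, fail2ban's or Pierre's own code), here is the core of what a fail2ban nginx jail does, written out in Python so the logic is visible: parse nginx's default "combined" access log, count requests from each client IP that ended in 401/403/404 inside a sliding window (fail2ban's `findtime`), and mark the IP as banned once the count reaches `maxretry`. The log lines below are constructed for the example; the IP addresses are documentation ranges, not real hosts.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "[^"]*"$'
)

# Constructed sample log (not a real capture). 203.0.113.7 behaves like a
# scanner probing common paths; 198.51.100.20 is a normal visitor with a
# couple of harmless 404s; 192.0.2.9 produces 404s too slowly to matter.
SAMPLE_LOG = [
    '192.0.2.9 - - [12/Mar/2024:09:00:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2024:09:30:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2024:10:00:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "GET /.git/config HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:01:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2024:10:01:06 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2024:10:30:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2024:11:00:00 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]


def parse_ts(raw):
    """nginx $time_local, e.g. 12/Mar/2024:10:00:01 +0000 -> aware datetime."""
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")


def scan_log(lines, maxretry=5, findtime=600, statuses=("401", "403", "404")):
    """Return {ip: ban_time} for every client that produced at least
    `maxretry` matching responses within any `findtime`-second window.
    Mirrors fail2ban's maxretry/findtime semantics for a log filter."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)   # ip -> timestamps of recent matches
    banned = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in statuses:
            continue            # unparseable or not a "failure" line
        ip = m["ip"]
        if ip in banned:
            continue            # already banned; a real jail would have blocked it
        ts = parse_ts(m["ts"])
        q = hits[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()         # drop hits that fell out of the window
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in scan_log(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

In a real fail2ban setup the same idea is expressed as a filter whose `failregex` matches the 401/403/404 line with `<HOST>` in place of the IP group, and a jail pointing `logpath` at nginx's access log with `maxretry`, `findtime` and `bantime` set; the script above is only a readable stand-in for that logic. Tune `maxretry` against your own traffic first: as the normal visitor in the sample shows, a few 404s for favicons and robots.txt are routine, and a threshold that is too low will lock out your own family or clients.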