Interesting traffic on my self-hosted secrets manager this morning. I saw a spike in HTTP traffic around 01:16 CET (when everyone was asleep) and a high number of 404 errors in my dashboard. Checked the Traefik access logs and it was someone scanning for WordPress vulnerabilities (/admin.php). Glad I am able to diagnose those sorts of things in my #homelab #selfhost environment.
@infosec812 If you find a moment of spare time, I'd appreciate a brief roundup of what your setup looks like to evaluate those logs and display them. Assuming this was not done completely manually. :-)
Thanks in advance
@MacLemon The first time around it was done manually. I am in the process of updating my Ansible playbooks to automate all of this for DR purposes.
@MacLemon Sure. Some of it is already on my blog at https://blog.devenphillips.dev
@infosec812 Awesome, thanks for the writeup.
@MacLemon Two new posts incoming on my blog. The first helps you set up Prometheus and Perses to see things like your Traefik traffic. The second shows how to put your Traefik access logs into a Perses dashboard as well. https://blog.devenphillips.dev/posts/