You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For any servers we run exposed to the Internet (e.g. Quiver):
Automate security updates
Disable password-based SSH login
Set up fail2ban
Drop packets originating from unrecognized networks, e.g. anything that isn't Google (so we can SSH in) and for Quiver, anything that doesn't come from the CDN whose domain is being fronted
Make sure anyone whose DigitalOcean/AWS/etc account has access to the server has 2FA set up (or at least a strong password)