this post was submitted on 16 Nov 2025
124 points (97.0% liked)
Selfhosted
60409 readers
506 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Everything here is smooth sailing. I have been trying to track down a bothersome Suricata entry.
ad nauseum. There are three individual ips. One from Singapore, one from China and one from Romania. They are being blocked, so that's good. Thing is, these are from realitvly 'clean' sources:
120.132.37.195 was not found in our database202.136.163.11 was found in our database! This IP was reported 5 times. Confidence of Abuse is 0%:On the server side, I have nothing calling out to these ip. That's what was really bugging me. Nothing server side, just these three bothersome ip hammering Suricata. Generally, I would dismiss as benign and part of normal UDP behavior. However, it's the constant hammering that makes me suspicious. Could be high volume port scanning. However, it could also be known attack campaigns like UDP amplification attempts.
Other than that, I might find something to get into today.