Hetzner PTR Record Invalid

I did a comparison between the e-mail that was sent earlier, before version 8.2.0, and now.

Before version 8.2.0

After 8.2.0

I think I saw on the ubuntu forum that the 22.04 version had 5.4.x. So we can quietly breathe a sigh of relief. And in the future version 24.04 it already had a faulty version and then they started to fix it as it became known about this problem.

EDIT: https://ubuntu.com/security/CVE-2024-3094

Forum: https://askubuntu.com/questions/1509015/is-ubuntu-affected-by-the-xz-backdoor-compromise

A cool solution in terms of security even on providers without an external firewall is "Match user" with "List Address" in the SSH configuration. You could use with a VPN and not have to worry about attacks.

In my spare time on a test server I played around with it, but until today I could not enable it. With the various configurations given on the internet it throws an error about an error every time.

@mmtrade

Yahoo rejects your emails due to fresh domain registration.
Some popular email blockers from 1 to 6 months depending on the domain tld. A good solution to this problem is to send from yahoo email, icloud, gmail etc to your own email.
Send a normal long text message once a day and you can't send in bulk to start with from your mail because then they will permamently block your IP address.
At my place with a .cloud domain, I had a problem receiving iCloud emails for six months.

On top of that, Contabo IP addresses are popular among e-mail providers as spam servers.

On the server where I have Nextcloud installed and backed up to Object Storage to Nuremberg and works fine. I will also give the settings from Memory Limit and Upload Part Size.

If you have servers in Falkenstein or Nuremberg and you send to Helsinki or vice versa then there maybe problems, because there is a broken fiber optic cable by probably by sabotage.

You have to update to version 24.04 yourself.

https://docs.cloudron.io/guides/upgrade-ubuntu-24/

I personally made a second server with Ubuntu 24.04 and did a Cloudron restore using a backup.

While testing CDN in Bunny, I confirm the problem. You need to add a cofiguration to the nginx/apache config file in this case, so that the CDN does not take the "ghost" folder.

I no longer remember if there is an option in the new version of the Bunny panel, where you can select what folders it should not take.

The final solution as I wrote above add the config.
https://www.keycdn.com/support/ghost-cdn-integration

I see you've found a solution, but you don't just add here, you need to change in other places too. I will add all the possible settings of what you need to set, so that other people know how to set it. Sorry that it took a long time. But my private life has been pounding me

I see you've added another post about it

If you want good security then set up as below. This is the way I use on all servers and where possible on the provider's external firewall I restrict the port on the VPN IP.

PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes

prohibit-password - This they started using from version 22.04 as a new security method.

KbdInteractiveAuthentication is the newer line that replaces "ChallengeResponseAuthentication"

Changing port 22 to 202 doesn't make the attack more secure, hackers have started scanning all ports that send back a header that SSH is running on that port.

You have to uncomment the line to make it work.

I am reporting a problem with version 7.5.0:

• No exact number of web token
  

• Having a background, the expanded list is hidden
  

In Ubuntu 24.04 the restart does not work with "systemctl restart sshd", but only with "systemctl restart ssh.service".

Welcome,
I am in the process of looking for a solution to restrict the SSH port outside the firewall, as it is known to be dynamically changed by Cloudron.

After removing the support for TCP Wrappers, I searched for various solutions on how to restrict access through configurations in ‘sshd_config’. The result? Not satisfactory. Completely nothing worked.

While browsing around here and I found a post that you can edit the ‘/home/yellowtent/platformdata/firewall/ports.json’ file and then this will add to the dynamic firewall system.

I was pleased to see that this is a possibility, but a question. Can I add with a public IP address?

Why am I doing this? I want to migrate a server to my country that don't have a firewall system, like at Hetzner, where on all servers I restrict port 22 to a VPN address for security.

I just got access to the test already. I currently have it connected to Nextcloud as an external drive. So far it looks promising Very fast processing ie uploading large files from the server to disk storage and downloading.

I also confirm with myself the problem with DKIM and DMARC, which test says that “from” does not match the domain.

I did a test on the site: https://unspam.email/results/uPOw0MP1f2

I keep my domains with a Polish service provider - Domeny.tv
They recently launched a global site - Let's Domains with USD, GBP or EUR currencies. There is also an option to buy .coop domains

@robi Yes, all points in the status are in green. Message headers the same as above - post #15

The speed is affected as you wrote disk, and may even be poor quality network hardware hosting. I, too, experience poor quality Contabo network at my place. I had better performance on Hetzner Cloud and plan to return.

Basic question:

• Which server parameters and which provider?
• Which provider of object storage?
• How much memory and processor limit allocated?

@humptydumpty

Still I forgot to add that a few hosting e.g. OVH, that has the username ubuntu instead of root. This yet they added the parameter ‘PasswordAuthenication’ in another place, this causes a conflict with the automation with the Cloudron panel for easy key management and security.

For the past two days I've also been having trouble connecting to the forum. It happens when I am connected to LTE (T-Mobile PL).

Being at home having fiber optic, it works without a problem or at work with phone line internet without a problem.

It looks more like a global connection problem with some carriers because the forum is located USA and I live in Europe.