
Solomon Aboyeji


Going Local? 2,000+ Attackers Are Already Waiting

Going local means hosting your own infrastructure instead of relying on managed cloud services. In this post, I talk about 2,331 login attempts in less than 30 days: the reality of running your own VPS.

You resonate with the idea of having your own setup and deployment. It gives you control and, let's face it, it's cheap. You install Docker, set up UFW, open some ports to the web, block others. You think to yourself: now we're good.

Well, it takes one curious attacker to find the gaps in your checklist.

In less than a month, there have been 2,331 failed SSH login attempts and 235 banned IPs, all trying to gain access to the VPS, with bans occurring every 30-60 minutes, around the clock. These are automated, coordinated attempts.

[Image: fail2ban status]

I recently spun up a VPS and discovered that some ports were exposed to the public even with UFW configured. A MongoDB instance that was exposed on port 27017 for "internal use only"? It's been public this whole time. Turns out Docker bypasses UFW entirely. This isn't a bug. It's how Docker works, and it has been known for years. However, many developers either don't know or choose to ignore it because of the convenient abstraction Docker provides.

What are they looking for?

The failed logins reveal what attackers expect to find on cheap VPS servers:

[Image: failed logins]

It seems they're not guessing randomly. They know what people run on $5 servers, and here it seems crypto infrastructure with hot wallets is a prime target.

Now that you are local, are you secure? In 2026, this is the question we all need to be asking. It's about more than just having a presence online; it's about how secure your setup actually is, whether that means a $3-5 VPS on Hetzner or an old laptop in your garage running your side projects.

If you're running Docker on an unmanaged VPS, you probably need to fix this. I put together a script that:

  1. Prevents Docker from bypassing your firewall
  2. Blocks all ports by default, exposing only what you explicitly allow
  3. Hardens SSH to key-based authentication only
  4. Installs fail2ban to stop brute-force attempts

How it works

The script does four things:

1. Fixes the Docker/UFW bypass
It installs ufw-docker, which modifies the iptables chain order so UFW rules are checked before Docker's. Without this, Docker punches holes through your firewall whenever you expose a port.

2. Blocks everything by default
UFW is configured to deny all incoming traffic. Only ports you explicitly specify (default: 22, 80, 443, 3000) are accessible from the internet. Your containers can still talk to each other internally.

3. Hardens SSH
Disables password authentication (key-only), disables root login, and removes cloud-init overrides that re-enable password auth. Be careful with this, as you might lock yourself out entirely if your SSH key is missing.

4. Installs fail2ban
Three failed SSH attempts result in a 24-hour ban. This stops brute-force attacks from hammering your server indefinitely. (You can adjust the ban duration based on your needs.)
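
A quick audit for points 1 and 2, as an added example that is not part of the author's script: it reads `docker ps`-style output and lists ports published on all interfaces that are not among the default allowed ports (22, 80, 443, 3000). The function names are hypothetical, and the container names and port lines in `sample_ps` are constructed.

```shell
#!/bin/sh
# Added example: flag Docker-published ports that are bound to all
# interfaces but are not on the intended allow-list.

# Ports meant to be public (the defaults named in the post).
ALLOWED_PORTS="22 80 443 3000"

# Reads "name<TAB>ports" lines on stdin, the shape produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name host_port/proto" for each unexpected wildcard binding.
find_exposed() {
    awk -F '\t' -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        m = split($2, maps, ", ")
        for (i = 1; i <= m; i++) {
            # Only published mappings contain "->"; a bare "6379/tcp" is internal.
            if (index(maps[i], "->") == 0) continue
            split(maps[i], side, "->")
            host = side[1]; target = side[2]
            # Wildcard binds: 0.0.0.0 (IPv4), ":::" or "[::]:" (IPv6).
            if (host !~ /^(0\.0\.0\.0|::|\[::\]):/) continue
            port = host;    sub(/^.*:/, "", port)     # keep text after last colon
            proto = target; sub(/^.*\//, "", proto)   # keep text after the slash
            key = $1 " " port "/" proto
            # Report each container/port once (IPv4 and IPv6 lines repeat it).
            if (!(port in ok) && !(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Constructed sample input, not captured from a real host.
sample_ps() {
    printf 'web\t0.0.0.0:443->443/tcp, [::]:443->443/tcp\n'
    printf 'mongo\t0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n'
    printf 'postgres\t127.0.0.1:5432->5432/tcp\n'
    printf 'redis\t6379/tcp\n'
    printf 'app\t0.0.0.0:3000->3000/tcp, 0.0.0.0:9229->9229/tcp\n'
}

sample_ps | find_exposed
```

On a live host, pipe `docker ps --format '{{.Names}}\t{{.Ports}}'` into `find_exposed` instead of the sample. A listed port is one Docker has published on every interface; binding it to 127.0.0.1 or not publishing it at all removes it from the list.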

Here is the link to the GitHub repo. I would advise you to run it on a throw-away server before making use of it in a more serious project: https://github.com/solomonaboyeji/secure-vps
