Linux

UFW + CrowdSec: Stop Malicious Port Scans Subtitle / Abstract: How do you protect exposed server ports? This guide shows how to move past Fail2ban regex hell and build a stable, automated, intelligent port-scan defense system. Target readers Developers using FRP or reverse tunnels Operators of cloud servers (Tencent, Alibaba, AWS, etc.) Linux users who want to stop port scans and SSH brute force People using Fail2ban who want a modern alternative Anyone improving personal server security Background / Motivation: Why you need port-scan defense When you run FRP (frps + frpc) or expose multiple ports, you will often see: ...

WireGuard Full Guide: Build a Secure High-Speed Private Network (VPN Tutorial) Subtitle / Abstract: A beginner-to-intermediate WireGuard VPN guide. Learn to build a fast, secure private network and enforce a zero-exposure model where services are only reachable through VPN. Target readers People who want to hide server or PC ports behind a VPN Users who want to reduce scanning and brute force risk Anyone building a private LAN or remote access to home Linux/Windows users, developers, and ops beginners Background and motivation: Why WireGuard? If you expose ports to the public internet (SSH, databases, admin panels), you will face: ...

Ping Works but SSH Fails: A Real Case of SSH vs VNC Subtitle: From connection refusal to protocol identification: understand TCP, SSH, and VNC Reading time: 7 minutes Tags: network troubleshooting, SSH, VNC, Linux, remote access SEO keywords: SSH connection failed, kex_exchange_identification, VNC port 5905, RFB 003.008, SSH vs VNC Target readers Linux users, developers, and server admins Engineers learning systematic network troubleshooting Readers interested in SSH/VNC protocol behavior Background and motivation Have you seen this? ...

Below is a full draft based on your SSH startup and debugging process. It is ready for publication on a technical blog. Run SSH Without sudo on Linux (User-Level sshd Guide) Subtitle / Abstract: When you have no root access in a lab or restricted server environment, how do you start SSH and access your account remotely? This guide shows how to run sshd in your user directory, enable key login, and connect remotely. ...

Title: Run sshd Without sudo: Troubleshooting, nohup, and systemd (User-Level SSH) Subtitle / Abstract: How to run OpenSSH as a normal user, solve common errors like “connection refused”, “password auth failed”, and start-limit-hit, and keep sshd alive using nohup or systemd. Target readers: Intermediate Linux users, researchers on shared servers, and anyone who needs SSH without root. 1. Background / Motivation In some lab or shared environments, regular users do not have sudo. The default sshd service cannot be started. If you need to: ...

Auto-start frp on Ubuntu: A Complete Guide Subtitle / Abstract Use systemd to run frp (Fast Reverse Proxy) as a managed service for stable, secure, and monitored auto-start on boot. Reading time: 8 minutes Tags: frp, intranet tunneling, systemd, auto-start, Linux, Ubuntu SEO keywords: frp auto start, Ubuntu frp config, frpc systemd, frps service, intranet tunneling Meta description: Step-by-step systemd setup for frp (frpc/frps) with config templates and troubleshooting. Target readers Developers deploying frps on cloud servers Intermediate Linux users building stable home/office tunnels DevOps and self-hosting enthusiasts Background and motivation Many developers use frp to expose internal services (SSH, web, NAS) to the internet. The problem is that running ./frpc -c frpc.ini manually is inconvenient and unreliable after reboot. ...

Windows + WSL2 Port Forwarding Guide (Access Flask 5000) Prerequisites You are using WSL2 (Ubuntu or another Linux distro) The Windows host can access the LAN (Wi-Fi or Ethernet) A Flask service is running inside WSL2 and listening on: app.run(host="0.0.0.0", port=5000) host="0.0.0.0" is required; otherwise external access will fail. Step 1: Check the WSL2 IP In WSL2: ip addr show eth0 You should see something like: inet 172.26.209.37/20 Record the IP after inet (here: 172.26.209.37). This is the WSL2 internal IP. ...

Load Testing APIs with wrk (Detailed Guide) This article explains how to use wrk on Ubuntu to stress-test backend APIs (Flask, FastAPI, Spring Boot, etc.) and interpret the results. 1. What is wrk? wrk is a modern, high-performance HTTP benchmarking tool written in C. Key features: High concurrency: thousands of concurrent connections Multi-threaded: uses multiple CPU cores Lua scripting: for custom headers, bodies, tokens Faster than Apache Benchmark (ab): lighter and more stable 2. Install wrk On Ubuntu/Debian: ...

Introduction Mermaid is a framework for creating diagrams using code. This post shows how to install the tooling on your server and render Mermaid code into images. Steps Install the renderer Run: npm install -g @mermaid-js/mermaid-cli Note: the CLI requires npm version >= 20. It is recommended to manage npm versions with nvm. If you do not have nvm, install it with: curl -o https://raw.githubusercontent.com/nvm-sh/nvim/v0.39.4/install.sh | bash Restart your shell, then run: ...