NaibofTabr

And even if the cooperation doesn’t last, it’s an opportunity for the open source developers to work with the product engineers and get direct information from them right now. There’s nothing as valuable as talking to the guy that actually designed the thing, or the guy who can make changes to the product code.

Even if that relationship doesn’t hold long term, the information gathered in the short term will be useful.

If I were part of this project this is what I’d be going for. Push the company to give you direct contact with the relevant engineers, right now while the negative public opinion is fresh and they’re most willing to make concessions, and then get as much out of that contact as you can. Take them at their word, make them actually back it up, take advantage of the offer to cooperate. Sort the rest of it out later.

Yes, it is damage control. That’s OK.

The whole point of spreading the word about an incident like this is to get public attention on it, and make the company realize that the way they’ve handled things was bad.

A letter like this indicates that they’ve realized they fucked up and they want to do things differently going forward. That doesn’t mean they’re suddenly trustworthy, but it does mean they can be negotiated with.

The correct response is to accept the offer of working together. We want to encourage companies to be cooperative and discourage insular, proprietary behavior. If you slap away the offered hand then you discourage future cooperation, and now you’re the roadblock to developing an open system.

When you start getting the results that you want, don’t respond with further hostility.

I was referring to OP’s use of IPQuick. This isn’t a service I’m familiar with and it doesn’t seem to be affiliated with any organization that I’m familiar with either.

1. Assuming that you mean that you are using the domain name to point to services which are at a residential, dynamic IP address, you will need to set up a Dynamic DNS service.

2. If a product is free, you’re the product.

You might be interested in the Banana Pi BPI-R4, which has an officially supported OpenWRT image and costs ~US$110.

Nah, that sounds complicated. Just open port 22 and forward it your server.

I used to run a Minecraft server with PaperMC on an RPi4, and I would only give the java environment 2G of RAM. It never crashed except when I overloaded it with plugins. The same Pi was also hosting Pihole and Ubiquiti UNMS. As long as you aren’t planning on hosting hundreds of players at the same time, you should be fine with whatever (and assuming you’re doing this at home on residential internet, your network would be the bottleneck anyway). I do recommend PaperMC, it improves the performance and stability of Minecraft and it’s a fork of Spigot so it’s compatible with most plugins.

Also /u/ShellMonkey is correct about used server hardware. You can pick up a Dell PowerEdge for about $200.

It’s definitely more difficult when you don’t have control over the DHCP server. Is it part of a router provided by your ISP?

Maybe, but I suspect it’s working like this:

• Pi boots then requests locally configured IP from DHCP server
• DHCP server grants 30 day lease for requested IP
• Pihole runs fine for awhile, DNS requests are properly handled
• IP lease expires, DHCP server returns IP to available address pool but doesn’t reassign it to anything yet
• time passes
• Random wireless device connects to router, DHCP server assigns IP to new device
• DNS requests to Pihole fail because the IP was assigned to the recently connected wireless device

This would explain why Pihole appears to cause problems every month, sometimes a little longer.

windows network settings

A 30 day DHCP lease expiration would explain OP’s issue.

A malware might create a service which opens a previously closed port on your system. An independently configured firewall would keep the port closed, even if the service was running without your knowledge, hopefully blocking whatever activity the malware was trying to do.

Also, you can configure the firewall to drop packets coming in to closed ports, rather than responding to the sending device that the port is closed. This effectively black-holes the incoming traffic, so it looks like there’s just nothing there.

The core problem with this approach is that antivirus scanning is generally based on signature recognition of malicious binaries. Behavior-based antivirus scanning mostly doesn’t work and tends to generate a lot of false positives. No freely available antivirus is going to have a signature library that is kept up to date enough to be worth the effort of running it on Linux - most vulnerabilities are going to be patched long before a free service gets around to creating a signature for malware that exploits those vulnerabilities, at which point the signature would be moot. If you want antivirus that is kept up to date on a weekly or better basis, you’re going to have to pay for a professional service.

That said, there are other, simpler (and probably more effective) options for hardening your systems:

• Firewall - if your servers are dedicated to specific services and you don’t plan on adding many more applications, you should be able to tighten up their firewalls to have only the ports they need open and nothing else. If network security is a priority, you should start with this.
• Application Whitelisting - prevent unrecognized applications from running. There are more options for this on Windows (including the builtin Applocker), but there are some AWL options for Linux. It’s a lot easier to recognize the things that you do want to run than all of the things that you don’t want to run.
• Secure OS - I assume you’re using Debian because it’s familiar, but it is a general-purpose OS with a broad scope. Consider switching to a more stripped-down variant like Alpine Linux (it can be installed on a Pi).