Once upon a time, not so long ago, I decided to duplicate my services running on a bare metal server at home on a bare metal server I rent in a Hetzner data center. This has worked out really well. As the server offers ample capacity, I have additionally migrated quite a number of virtual machines with public IP addresses to it. In other words, there are a number of services now for which I do not have a redundant copy at home. So I needed a ‘Plan C’ in case that server goes south one day. Recently, I became aware of one more reason why that server could suddenly ‘go offline’ that had me raise an eyebrow: malicious outgoing port scanning activities.
In the original post on this Mastodon chain (sorry, in German only), the author describes the investigation he did after Hetzner blocked his public IP address due to suspicious port scanning activities coming from his virtual machine. According to his post, he had a WireGuard VPN gateway installed on the VM, and an advertisement platform started performing port scans from the web browser on a machine from which he was using the VPN gateway. Yes, I know why I like my ad-blocker. But that being said, there is a risk that one misbehaving service could trigger an IP address block from Hetzner that could impact several other services behind the reverse proxy. So I updated my procedures to migrate to another place, should my bare metal machine go down or be blocked. And I made a mental note never to use that server as a WireGuard VPN gateway.