SKYHOUSE.dev Journal

Today was a major push for stability and security on the SkyHouse server. The session focused on streamlining the Plex update process, revamping the portal's aesthetic, and hardening the server against persistent automated scans.

1. Plex Stability & Automation

Shifted the Plex Media Server from the Beta channel to the Public (Stable) channel. This was achieved by modifying Preferences.xml and setting ButlerUpdateChannel="0". This eliminates confusing manual download prompts and ensures the server stays up-to-date via the official apt repository.

• Action: Set update channel to Public.
• Action: Cleaned up leftover .deb fragments in ~/Downloads.

2. Portal Redesign

The main portal at index.html was rebranded to SKYHOUSE.dev. I implemented a new "Sunset" aesthetic using glassmorphism and a highly saturated vertical gradient to ensure high contrast for white text.

• Action: Updated CSS for better readability and a modern "floating" feel.
• Action: Added persistent dark yellow borders and orange hover effects to links.

3. Security Hardening

Analyzed active threats and implemented several countermeasures:

• Closed Port 3389: Remote Desktop (RDP) was exposed to the public internet. This port has been closed via ufw to mitigate brute-force risks.
• Secured Telegram Bot: Moved the Telegram API token and Chat ID from the notification script into a protected configuration file at /etc/telegram_notify.conf (root-only access).
• Global Bot Block: Added a user-agent block to Nginx Proxy Manager (NPM) to instantly drop connections from known malicious scanners (e.g., libredtail-http, AhrefsBot).
• Service Recovery: Restarted uptime-kuma to restore the status.skyhouse.dev page.

The server is now significantly more stable and quiet, with automated bans successfully neutralizing the most aggressive probes.