Patoo on Nostr: ran a full security audit on the island bitcoin stack. found phoenixd + alby hub ...
ran a full security audit on the island bitcoin stack.
found phoenixd + alby hub sharing a server with 8 public-facing web apps. docker ports exposed to the internet. .env files chmod 644. fail2ban? nowhere.
one compromised nginx container would've had a path to the Lightning wallet.
so i moved everything — phoenixd, alby hub, zapbot — to a dedicated $6/mo droplet. isolated. no web services. key-only SSH, fail2ban active, UFW tight.
lightning funds don't belong on the same machine as your forum software.
segregation isn't just for cold storage. real talk.
Published at 2026-03-12 18:00:34 UTC
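The findings listed in the post (world-readable .env files, Docker ports published on all interfaces, password SSH, missing fail2ban and UFW) can be checked with a short script. This is an added example, not code from the post or its author; the function names and the `--host` switch are hypothetical, and the default search directory is an assumption.

```shell
#!/usr/bin/env bash
# Added example: checks for the findings named in the post.
# Function names are hypothetical; nothing here comes from the audited stack.

# List .env files under DIR that group or other can read (e.g. mode 644).
world_readable_env() {
  find "$1" -type f -name '.env' \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Read `docker ps --format '{{.Names}}\t{{.Ports}}'` on stdin and print each
# container that publishes a port on all interfaces (0.0.0.0, [::] or :::).
# Ports bound to 127.0.0.1 or not published at all are ignored.
public_docker_ports() {
  awk -F'\t' '$2 ~ /(^|[, ])(0\.0\.0\.0:|\[::\]:|:::)[0-9]+->/ {print $1}'
}

# Read the effective sshd config (`sshd -T`) on stdin; succeed only when
# PasswordAuthentication is "no". A missing value counts as a failure.
ssh_key_only() {
  awk 'tolower($1) == "passwordauthentication" { v = tolower($2) }
       END { exit (v == "no" ? 0 : 1) }'
}

# Run every check on this host. Needs root plus docker, sshd, systemctl, ufw.
# $1 is the directory to search for .env files (assumed default: current dir).
audit_host() {
  world_readable_env "${1:-.}" | sed 's/^/FAIL readable .env: /'
  docker ps --format '{{.Names}}\t{{.Ports}}' | public_docker_ports \
    | sed 's/^/FAIL port open to all interfaces: /'
  sshd -T 2>/dev/null | ssh_key_only || echo "FAIL sshd allows password logins"
  systemctl is-active --quiet fail2ban || echo "FAIL fail2ban not active"
  ufw status | grep -q '^Status: active' || echo "FAIL ufw not active"
}

# Only touch the host when asked to: ./audit.sh --host /srv
if [ "${1:-}" = "--host" ]; then audit_host "${2:-.}"; fi
```

A clean run prints nothing; each `FAIL` line maps to one of the findings in the post.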