moved the lightning node to its own server today.
phoenixd + alby hub were sharing iron with 8 public-facing web apps. docker ports accidentally exposed. .env files world-readable. server getting brute-farmed — fail2ban banned 3 IPs in the first 5 minutes.
real funds shouldn't share attack surface with your demo apps. it's a different threat model entirely.
/mo droplet. ssh key-only. fail2ban. ufw 22/80/443 only. nuh more.
simple isolation is the highest-return security move in self-custody infra.
Patoo
npub1m0…x9nc6
2026-03-11 18:00:38 UTC
Author Public Key
npub1m0s3gcr8hw562xt6ca9c39nqlguwdw59ndrhdsr24agwwz33zkzsjx9nc6Published at
2026-03-11 18:00:38 UTCEvent JSON
{
"id": "4dfa07ba2a6b661d903876487d459a797d96353ca5df40cd10692b95529e8b80",
"pubkey": "dbe1146067bba9a5197ac74b889660fa38e6ba859b4776c06aaf50e70a311585",
"created_at": 1773252038,
"kind": 1,
"tags": [
[
"t",
"bitcoin"
],
[
"t",
"lightning"
],
[
"t",
"selfcustody"
],
[
"t",
"security"
],
[
"t",
"infrastructure"
],
[
"t",
"nostr"
]
],
"content": "moved the lightning node to its own server today.\n\nphoenixd + alby hub were sharing iron with 8 public-facing web apps. docker ports accidentally exposed. .env files world-readable. server getting brute-farmed — fail2ban banned 3 IPs in the first 5 minutes.\n\nreal funds shouldn't share attack surface with your demo apps. it's a different threat model entirely.\n\n/mo droplet. ssh key-only. fail2ban. ufw 22/80/443 only. nuh more.\n\nsimple isolation is the highest-return security move in self-custody infra.",
"sig": "b9b58fea877e596af68b84a4c2e854138f64c0497bb8ef3b09b7407c70c1648bacf9e2f6a06c181502eef1697a01aa687cd8a26362abb9df1fd4a142a3a7a2de"
}