Considering the small audience and purpose, I would not have any problem using the always free offerings of either Oracle or Google (the latter especially if located in the US).

I don’t know, wouldn’t the Hypervisor be able to track resources usage by itself without anything else?

Hi, to check attacks you should look at the logs. In this case auth.log. Being attacked on port 22 is not surprising neither really troublesome if you connect via key pair.

My graph was showing egress traffic, on any kind of server the traffic due to these attacks would have been invisible but on a backup server which has (hopefully) only ingress you can clearly see the volume of connections from attackers from bytes teansmitted

ssh -p 12345 would leave your boxes accessible from anywhere too. Other blocks of IPs receive 10 times or more requests, as scanners can focus on blocks of ips from major providers.

In all the cases for me is sufficient to backup the folder which host the volume for persistent data of each container. I typically do not care to stop and reload containers but nothing prevents you to do so in the backup script. Indeed if a database is concerned the best way is to create a dump and backup that one file. Considering tools, Borg and restic are both great. I am moving progressively from Borg to restic+rclone to exploit free cloud services.

So it seems. Do you think this was from the detected user activity? A colleague reported it was using it and it stopped working from one second to the next. Maybe some of his traffic looked suspicious? I am opening a ticket in any case today.

Now it’s pretty clear, I am mistaken for a malicious site (probably because many different computers in the lab started to exchange data with this obscure freedns subdomain) by this software from Palo Alto Networks https://www.gavstech.com/palo-alto-firewall-dns-sinkhole/ which rewrites the DNS response

Nice, I am routed to sinkhole.paloaltonetworks.com I am a malicious domain apparently.

What does it mean?

nslookup my.domain.com
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    my.domain.com
Addresses:  ::1
          xx.x.xx.xxx (wrong IPV4 address from the other side of the world)

If I use 8.8.8.8 at home addresses is first of all “address” and is correct.

I think this is exactly the case, they have some issues with the DNS server and, as some other comments indicate it is possible, they reset my settings for DNS servers at router level. So nor cloudflare or others can help, only the line in etc/hosts works

Interesting, thanks. I think this is what it is happening. Feels like I can put whatever DNS server and still end up with an internal one.

Thanks for the detailed answer, a lot of suggestions are great but unfortunately a bit unpractical. Changing etc/hosts is at the moment the only think working and if the issue is not fixed soon I will suggest to the users that are willing to do so. I would not go as far as asking people to install VPNs and I am pretty sure that buildin a rogue wifi/LAN network will be against any corporate policy and I will be fired :D

Well, the main point is I would need to manually change this for tens of pcs and its not my job, moreover other people should to the same on theirs. Nevertheless, I just tried 8.8.8.8 on a couple of PCs and I have the same issue! It appears that my DNS setting is irrelevant as it is overwritten down the chain, the only way I can reach the site is put the line in etc/hosts. Could it be?

I tried to set it to 8.8.8.8 but I have still the same result. Can it be overridden at the router level? So far the only solution is to manually add the damn line to etc/hosts.

I already had contacts with our IT. I originally asked if they could host this service for us as it seemed the normal thing to do. They do not support anything custom (i.e. anything which is not a wordpress site) and just to give me a fourth level subdomain they wanted signatures from half the administration above me. That’s why I’m rogue with selfhosting also work stuff. But I think I can still complain just because their DNS gives back random IPs. This could even be hijacking, no?

The IP is static, and is resolved properly everywhere outside my university network

I see your point, but now I do not think it is FreeDNS fault. DNSChecker.org shows my domain name properly resolved worldwide, and so it has been for months. I also created a second subdomain just now, exactly as the non-working one, and was properly resolved within seconds at my work pc. So I do not blame FreeDNS, I think it is our internal DNS server that is messed up or even hijacked.

I see, it gets complicated enough for me, I cannot imagine for some of the other users I would like to target… I will probably look into it as a last resort. Thanks

Quite not the same, the definition of what I am looking for seems either “Personal Information Manager” or “Outliner”. Still a niche market it seems

I do use it, but it is a desktop app. I was looking for something that could be used in a browser, I am so in need for that that I actually deployed treeline on alpine as a Kasm workspace for remote operation. Setting up a virtual desktop just for this seems a real overkill, besides that, I was hoping that a hosted solution could allow an easier collaboration between multiple users.