================================================================================
LITTLESHOP HOSTINGER VPS INFRASTRUCTURE
================================================================================
Last Updated: September 12, 2025
Status: BTCPAY SERVER MULTI-CRYPTO OPERATIONAL ✅

================================================================================
SERVER INFORMATION
================================================================================

🖥️ SERVER DETAILS:
   Provider: Hostinger
   Hostname: srv1002428.hstgr.cloud / thebankofdebbie.giize.com
   IP Address: 31.97.57.205
   Operating System: Debian 13 (upgraded from Ubuntu 24.04)
   CPU: x86_64 architecture
   RAM: 16GB
   Storage: 394GB SSD (✅ SUFFICIENT with Bitcoin pruning enabled)

🔐 ACCESS CREDENTIALS:
   SSH Port: 2255 (changed from default 22 for security)
   SSH User: sysadmin (root login DISABLED, ubuntu user not present)
   SSH Key: vps_hardening_key (stored in this directory)
   Sudo Password: Phenom12#. (same as SSH user password)

🌐 DOKPLOY ADMIN:
   Original Credentials: sysadmin@server.local / Th3fa1r13sd1d1t.
   Web Interface: http://srv1002428.hstgr.cloud:3000 (BLOCKED externally)
   Secure Access: SSH tunnel required (see commands below)

================================================================================
SECURITY CONFIGURATION
================================================================================

🔒 SSH HARDENING STATUS:
   ✅ Port changed: 22 → 2255
   ✅ Root login: DISABLED
   ✅ SSH key authentication: CONFIGURED
   ✅ Password authentication: ENABLED (for safety - disable after testing)
   ✅ Max auth attempts: 3
   ✅ Login grace time: 30 seconds
   ✅ SSH banner: Security warning configured
   ✅ Strong encryption: AES-256, ChaCha20-Poly1305

🛡️ FIREWALL (UFW) STATUS:
   ✅ Status: ACTIVE and enabled on startup
   ✅ SSH (2255/tcp): ALLOWED with comment "SSH-Hardened"
   ✅ HTTP (80/tcp): ALLOWED with comment "HTTP-Dokploy"
   ✅ HTTPS (443/tcp): ALLOWED with comment "HTTPS-Dokploy"
   ✅ Dokploy (3000/tcp): DENIED with comment "Block-Dokploy-External"
   ✅ Default policy: DENY all other incoming traffic

🚨 FAIL2BAN PROTECTION:
   ✅ Status: ACTIVE with 2 jails
   ✅ SSH jail: 3 attempts → 2 hour ban
   ✅ Nginx jails: HTTP auth, bad bots, noscript protection
   ✅ Ban time: 1 hour (SSH: 2 hours)
   ✅ Find time: 10 minutes
   ✅ Monitoring: Auth logs and web access attempts

🔧 SYSTEM SECURITY:
   ✅ Automatic security updates: ENABLED
   ✅ Non-root sudo user: ubuntu user configured
   ✅ Package security: Latest security packages installed
   ✅ Docker access: Ubuntu user added to docker group

================================================================================
DOCKER SERVICES
================================================================================

🪙 BTCPAY SERVER (September 12, 2025):
   ✅ btcpayserver_bitcoind: Bitcoin Core (PRUNED 10GB, Tor-only)
   ✅ btcpayserver_dogecoind: Dogecoin daemon
   ✅ btcpayserver_monerod: Monero daemon
   ⚠️ btcpayserver_monero_wallet: Monero wallet (restarting - config issue)
   ⚠️ generated-zcash_walletd-1: Zcash wallet (restarting - needs daemon)
   ✅ generated_btcpayserver_1: BTCPay Server application
   ✅ generated_nbxplorer_1: Blockchain explorer
   ✅ generated_postgres_1: PostgreSQL database
   ✅ nginx: Reverse proxy with SSL
   ✅ tor: Tor daemon + onion services
   ✅ tor-gen: Tor configuration generator
   ✅ letsencrypt-nginx-proxy-companion: SSL certificate manager

🌐 BTCPAY ACCESS:
   Clearnet: https://thebankofdebbie.giize.com
   Tor Onion: njoc2ubkk7ymgqfg6plt3wcltvcvuv3j4eemixnovicegrlwhq2zwfad.onion (expected)
   Bitcoin P2P Onion: s7n55wptvooma4gqsbdo5vn6v6nphjffqsmlufoa3fzqhwkqgeasslad.onion (expected)

🪙 CRYPTOCURRENCY STATUS:
   ✅ Bitcoin (BTC): Pruned mode (10GB max), Tor-only, fully operational
   ✅ Dogecoin (DOGE): Running (needs pruning configuration)
   ✅ Monero (XMR): Daemon operational, wallet setup in progress
   ⚠️ Ethereum (ETH): Configured in BTCPay but container missing
   ⚠️ Zcash (ZEC): Wallet present, main daemon needs configuration

🔧 CRITICAL CONFIGURATION FIX:
   Problem: BTCPay Docker Compose YAML parsing broken for BITCOIN_EXTRA_ARGS
   Solution: docker-compose.override.yml file (UPDATE-SAFE)
   Location: /opt/btcpayserver-docker/docker-compose.override.yml
   Status: Bitcoin pruning working via override file approach

🐳 LEGACY DOKPLOY CONTAINERS (if present):
   ✅ dokploy: Main application (port 3000 - blocked externally)
   ✅ dokploy-redis: Redis database (internal port 6379)
   ✅ dokploy-postgres: PostgreSQL database (internal port 5432)
   ✅ dokploy-traefik: Reverse proxy (ports 80, 443 - both protocols)

🔗 SERVICE STATUS:
   BTCPay Services: 12 containers running, Bitcoin with proper pruning
   Cryptocurrency Sync: In progress over Tor network
   Disk Usage: 63GB used / 316GB available (safe with pruning)

================================================================================
STORAGE ANALYSIS
================================================================================

💾 CURRENT STORAGE:
   Total Space: 387GB SSD
   Used Space: 8.8GB (3% utilization)
   Available: 378GB
   Docker Data: 9.2GB

⚠️ BITCOIN NODE STORAGE REQUIREMENTS:
   Current Blockchain: ~800GB (2025)
   Annual Growth: 100-150GB
   Recommended: 1TB+ SSD for full node
   Status: CURRENT STORAGE INSUFFICIENT

📈 STORAGE OPTIONS:
   1. Upgrade VPS to 1TB+ storage (RECOMMENDED)
   2. Use Bitcoin pruned node (~10GB, limited functionality)
   3. Add external storage solution
   4. Use different VPS provider with larger storage

================================================================================
ACCESS COMMANDS
================================================================================

🔑 SSH ACCESS (SECURE):
   ssh -i vps_hardening_key -p 2255 ubuntu@srv1002428.hstgr.cloud

🌐 DOKPLOY ADMIN ACCESS (via SSH tunnel):
   ssh -i vps_hardening_key -p 2255 -L 3000:localhost:3000 ubuntu@srv1002428.hstgr.cloud
   Then browse to: http://localhost:3000

🔍 SYSTEM MONITORING:
   # Check firewall status
   sudo ufw status numbered

   # Check Fail2Ban status
   sudo fail2ban-client status

   # Check SSH security
   sudo ss -tlnp | grep :2255

   # Check Docker containers
   docker ps

   # Check system resources
   df -h && free -h

🚨 EMERGENCY ACCESS:
   If SSH keys fail, password authentication is still enabled:
   ssh -p 2255 ubuntu@srv1002428.hstgr.cloud
   Password: Th3fa1r13sd1d1t.

================================================================================
NEXT STEPS / TODO
================================================================================

🔄 IMMEDIATE ACTIONS:
   1. Test SSH key access thoroughly from multiple locations
   2. Once SSH keys proven reliable, disable password authentication:
      Edit /etc/ssh/sshd_config: PasswordAuthentication no
   3. Restart SSH service: sudo systemctl restart ssh

📦 BITCOIN/BTCPAY DEPLOYMENT:
   1. ⚠️ CRITICAL: Upgrade storage to 1TB+ before Bitcoin node installation
   2. Install Bitcoin Core for full node operation
   3. Deploy BTCPay Server via Docker/Dokploy
   4. Configure Lightning Network (if required)
   5. Set up automated backups for Bitcoin/BTCPay data

🔐 SECURITY ENHANCEMENTS:
   1. Configure email notifications for Fail2Ban alerts
   2. Set up log monitoring and alerting
   3. Implement automated backup verification
   4. Configure VPN access for additional admin security (optional)

📊 MONITORING SETUP:
   1. Configure disk space alerts (critical for Bitcoin node)
   2. Set up service health monitoring
   3. Implement performance monitoring
   4. Configure backup success/failure notifications

================================================================================
SECURITY VERIFICATION
================================================================================

✅ HARDENING CHECKLIST COMPLETED:
   [✅] System packages updated and automatic updates enabled
   [✅] Non-root sudo user created (ubuntu)
   [✅] SSH port changed from 22 to 2255
   [✅] SSH key authentication configured and tested
   [✅] Root login disabled
   [✅] UFW firewall enabled with secure rules
   [✅] Fail2Ban installed and configured
   [✅] Dokploy admin interface secured (external access blocked)
   [✅] SSH banner with security warning added
   [✅] Strong SSH encryption ciphers configured
   [✅] Docker access configured for ubuntu user
   [✅] All unnecessary services removed/disabled

🔒 SECURITY POSTURE: EXCELLENT
   Your VPS is now hardened against common attack vectors and ready for
   production Bitcoin/BTCPay deployment once storage is upgraded.

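Added example (not part of the original document or of any project it describes): a POSIX shell function that checks `sshd -T` output against the SSH settings listed under SECURITY CONFIGURATION. It reads the effective configuration rather than grepping /etc/ssh/sshd_config because sshd keeps the first value it reads for each keyword, drop-in files included. The name audit_sshd, the sample input and the banner path /etc/issue.net are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare effective sshd settings with the documented baseline.
# Input: `sshd -T` style text (lowercase "keyword value" lines) on stdin.

# Constructed sample (not captured from the server): password authentication
# is still enabled and one cipher outside the documented baseline is present.
SAMPLE_EFFECTIVE='port 2255
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
maxauthtries 3
logingracetime 30
banner /etc/issue.net
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr'

audit_sshd() {
    awk '
    function want(key, expected) {
        if (!(key in cfg)) print "MISSING " key " (expected " expected ")"
        else if (cfg[key] != expected) print "DRIFT " key "=" cfg[key] " (expected " expected ")"
    }
    # Keep the first value seen per keyword, matching how sshd resolves duplicates.
    NF >= 2 { k = tolower($1); if (!(k in cfg)) cfg[k] = $2 }
    END {
        want("port", "2255")
        want("permitrootlogin", "no")
        want("pubkeyauthentication", "yes")
        want("maxauthtries", "3")
        want("logingracetime", "30")
        # Documented as temporarily enabled; report it until the TODO item is done.
        if (cfg["passwordauthentication"] != "no")
            print "PENDING passwordauthentication=" cfg["passwordauthentication"] " (TODO: set to no)"
        if (!("banner" in cfg) || cfg["banner"] == "none")
            print "MISSING banner (expected a banner file)"
        n = split(cfg["ciphers"], c, ",")
        if (n == 0) print "MISSING ciphers"
        for (i = 1; i <= n; i++)
            if (c[i] !~ /^aes256-/ && c[i] != "chacha20-poly1305@openssh.com")
                print "DRIFT cipher " c[i] " (baseline: AES-256 or ChaCha20-Poly1305 only)"
    }'
}

# Run against the constructed sample; prints one line per deviation.
printf '%s\n' "$SAMPLE_EFFECTIVE" | audit_sshd
# Live use on the server (needs root): sudo sshd -T | audit_sshd
```

An empty result means the effective configuration matches the checklist, including the pending step of disabling password authentication.
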
================================================================================
SUPPORT CONTACTS
================================================================================

🏢 HOSTINGER SUPPORT:
   Website: https://www.hostinger.com/contact
   VPS Management: Hostinger Panel
   Server ID: srv1002428

📧 EMERGENCY CONTACTS:
   If locked out of server, contact Hostinger support with:
   - Server hostname: srv1002428.hstgr.cloud
   - Account credentials for VPS management panel
   - Request console access or password reset

================================================================================
CHANGE LOG
================================================================================

2025-09-10: Initial VPS hardening completed
   - SSH security hardening (port 2255, key auth, root disabled)
   - UFW firewall configuration with secure rules
   - Fail2Ban intrusion prevention system
   - Dokploy security (blocked external access to port 3000)
   - System updates and automatic update configuration
   - Comprehensive security verification completed

================================================================================
END OF INFRASTRUCTURE DOCUMENT
================================================================================