Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
Thank you for this! I’ve got some homework to do!
Good luck on your journey.
I would suggest having two servers one to test and one to expose to the Internet. That way if you make a mistake hopefully you’ll find it before you expose it to the Internet.