Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.
keep the services updated and using good passwords & non-default usernames.
Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanner ones. Using fail2ban reading nginx logs for example.
Planned: geofencing some ip ranges, auto-updating from public botnet lists.
Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere maybe even Cloudflare tunnel with this.
Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.
I had the OG Jolla as my daily driver circa iPhone 4 era, and it was great experience overall. Running Android apps and whatnot.
Eventually the camera and display quality made me stop using it. Still boot it maybe once a year for the fun of it… I think the Sailfish OS did even receive updates till ~2021.
Saw the video… It mentions ”ripping” and even shows clips of some blockbuster movies. No wonder any copyright-sensitive automation gets triggered pretty fast. This will only get worse.