Categories
Security Server

2025-11-29: More Security in Everyday Digital Life: Why I Rely on Two-Factor Authentication

As an IT consultant, I experience firsthand how dramatically the digital threat landscape has evolved in recent years. Cyberattacks are no longer rare incidents but a daily risk. Data breaches, compromised accounts, and automated brute-force attempts clearly show:
A password – no matter how clever – is no longer enough.

Why Passwords Alone Are No Longer Sufficient

Passwords are a security factor based on knowledge — something I know.
But this factor has become increasingly vulnerable:

  • Passwords appear in massive databases of leaked login credentials.
  • Attackers use automated tools to guess even complex combinations.
  • People reuse passwords across multiple platforms.
  • Phishing attempts have become highly sophisticated.

That last point is especially critical: even a strong password becomes useless if it is entered into a perfectly forged phishing page. That’s where two-factor authentication truly shines.

What Two-Factor Authentication Really Provides ✔️

2FA adds a second layer of protection by introducing something I have or am.
Common second factors include:

  • A one-time password (OTP) from an authenticator app 📱
  • A hardware security key (e.g., YubiKey)
  • A biometric factor such as fingerprint or face recognition

This makes a stolen password practically worthless. Even if an attacker knows it, they still cannot access the account without the additional factor.

I like to describe it this way:
The password is the key, but the second factor is the additional deadbolt on the door. 🔒➕

A Real-World Example: Protection Against Phishing 🎯

Some time ago, a client told me about an email that looked exactly like a message from a well-known cloud provider — same layout, same colors, same wording.
He entered his password before realizing it was a phishing site.

Thankfully, because of 2FA, no harm was done.

During login, the attacker would have needed a one-time code generated only on the client’s smartphone — a code valid for just 30 seconds. Without that code, the compromised password was useless.

Authenticator apps like Synology Secure SignIn, Microsoft Authenticator, or Google Authenticator are easy to set up and highly effective. The OTP codes remain stored locally on the device, offering excellent protection against remote attacks. ⏱️🔐
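How the 30-second code is computed and checked, as an added example that is not part of the original post: a minimal RFC 6238 TOTP generator with a server-side verifier that rejects expired and already-used codes. The raw-bytes demo secret (the RFC 6238 test secret), the one-step drift allowance and all function names are assumptions of this sketch.

```javascript
// Added example (not from the original post): TOTP per RFC 6238 using Node's crypto module.
const crypto = require('crypto');

const STEP_SECONDS = 30; // lifetime of one code, as described in the post
const DIGITS = 6;

// Constructed demo secret: the ASCII test secret from RFC 6238, never a real one.
const DEMO_SECRET = Buffer.from('12345678901234567890');

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** DIGITS).padStart(DIGITS, '0');
}

// TOTP: HOTP where the counter is the number of 30-second steps since the Unix epoch.
function totp(secret, unixSeconds) {
  return hotp(secret, Math.floor(unixSeconds / STEP_SECONDS));
}

// Constant-time comparison so response timing does not reveal matching digits.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Per-account verifier. `drift` steps of clock skew are tolerated on each side,
// and every time step is accepted at most once, so a captured code cannot be replayed.
function createVerifier(secret, drift = 1) {
  let lastAcceptedStep = -1;
  return function verify(code, unixSeconds) {
    const now = Math.floor(unixSeconds / STEP_SECONDS);
    for (let step = Math.max(0, now - drift); step <= now + drift; step++) {
      if (step > lastAcceptedStep && safeEqual(hotp(secret, step), String(code))) {
        lastAcceptedStep = step;
        return true;
      }
    }
    return false;
  };
}
```

In production the verifier state (`lastAcceptedStep`) belongs in the account record, and failed attempts should be rate-limited, since a six-digit code has only one million possible values.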

For the Pros: Running a Self-Hosted Two-Factor Server 🧩

In many projects, I meet advanced users and companies who prefer complete control over their authentication infrastructure. Fortunately, modern tools make this possible.

One powerful solution is the open-source software 2Fauth.
Combined with Docker, it allows the operation of a fully self-hosted OTP server, enabling complete management of authentication tokens within one’s own environment.

Of course, this option is geared toward experienced users who understand how to securely run and maintain such services. But it demonstrates how flexible modern security concepts have become.

Conclusion

I am convinced that two-factor authentication is one of the most essential security measures in today’s digital world.
It is simple, effective, and protects against the most common attack scenarios — whether in everyday personal use, business environments, or highly sensitive systems.

🔑 Stronger protection
🛡️ Lower risk
🚀 High impact

With a second factor, a simple password-based login becomes a modern, resilient security system.

📞 As an IT consultant, I am happy to support both private and business clients in planning, setting up, and implementing two-factor authentication — from basic OTP apps to complex, self-hosted authentication infrastructures.

Categories
Cloud DNS Security Server Uptime

2025-11-19: Cloudflare down – Hetzner remains unshakable!

Cloudflare is one of the largest internet service providers in the world. Many websites rely on Cloudflare because it offers three major advantages:

  • 🚀 Faster loading times thanks to servers distributed around the globe
  • 🛡️ Protection against attacks, such as DDoS
  • 🔁 Stable availability, even under heavy traffic

Because Cloudflare delivers these features efficiently and at a good price, an enormous number of websites depend on it. But that popularity also creates a risk: When Cloudflare goes down, many sites go down with it.

🧩 Why self-hosted servers are often less affected

If you host your website or application on your own server, you’re far less dependent on big platforms like Cloudflare. That means:

🔐 More control over your own security

With simple measures such as:

  • 🔑 SSH keys instead of simple passwords
  • 🚫 Firewalls to block unwanted access
  • 🛡️ Fail2Ban, which automatically blocks repeated attack attempts

you can secure your server very effectively—without relying on external security services.

🕹️ More control & more reliability

I host my servers at Hetzner in Falkenstein, Germany 🇩🇪 — and during the Cloudflare outage, not a single second of downtime occurred.
Everything continued to run perfectly.

To me, this is a perfect example of digital sovereignty in Germany: Not depending on large U.S. providers, but maintaining your own stable, local infrastructure.

⚠️ Of course, nothing is 100% risk-free

✨ Running your own server doesn’t mean nothing can ever go wrong.
Self-hosted servers can also experience:

  • outages 🛑
  • overload 📈
  • network or power issues 🔌

But the key difference is: you have the responsibility — and the control.

🎯 Conclusion

The Cloudflare outage shows how vulnerable large, centralized internet services can be. If you host your servers yourself—such as at Hetzner in Germany—and secure them properly, you often end up with a more stable and sovereign solution. 🧭

Categories
Cloud OpenSource Security Server

2025-11-13: New Service: PrivateBin – Secure File & Message Sharing

https://share.it-service-commander.de

In modern IT security, strong passwords and firewalls are just part of the story. Equally important is how sensitive information is shared. To meet this need, I am introducing a new service: PrivateBin – a fully encrypted, secure platform for sharing files and messages.

🔒 What is PrivateBin?

PrivateBin is a client-side encrypted paste and file-sharing service designed to securely exchange confidential information.
Unlike traditional upload or paste platforms, PrivateBin performs encryption directly in your browser before any data reaches the server.

This means:

  • The server cannot read the contents
  • Encryption keys never leave the client
  • Only encrypted data blobs are stored
  • Decryption is only possible with the key embedded in the generated link

In other words, PrivateBin operates as a zero-knowledge service. As the service provider, I technically cannot access or view any uploaded content.
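The zero-knowledge model described above, as an added example that is not PrivateBin's own code or storage format: the client encrypts with a random key, the server stores only the encrypted record, and the key travels in the link fragment, which a browser does not send in the HTTP request. The host `paste.example`, the in-memory store, the PBKDF2 parameters and the hex encoding are assumptions of this sketch.

```javascript
// Added example, not PrivateBin's code: the zero-knowledge paste model in miniature.
const crypto = require('crypto');

const KDF_ITERATIONS = 100000; // assumed work factor for this sketch

// Derive the AES-256 key from the random link key plus the optional password.
function deriveKey(linkKey, password, salt) {
  const material = Buffer.concat([linkKey, Buffer.from(password, 'utf8')]);
  return crypto.pbkdf2Sync(material, salt, KDF_ITERATIONS, 32, 'sha256');
}

// CLIENT: encrypt locally. Only `record` is uploaded; `linkKey` stays in the link.
function encryptPaste(plaintext, password = '') {
  const linkKey = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit GCM nonce, fresh for every paste
  const key = deriveKey(linkKey, password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const record = {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
  return { record, linkKey: linkKey.toString('hex') };
}

// SERVER (hypothetical in-memory store): receives and keeps the encrypted record only.
const serverStore = new Map();
function serverUpload(record) {
  const id = crypto.randomBytes(8).toString('hex');
  serverStore.set(id, JSON.stringify(record));
  return id;
}

// The share link carries the paste id in the query and the key in the fragment.
function sharePaste(plaintext, password = '') {
  const { record, linkKey } = encryptPaste(plaintext, password);
  return `https://paste.example/?${serverUpload(record)}#${linkKey}`;
}

// What a browser places in the HTTP request line: path and query, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// CLIENT: fetch the record by id, then decrypt with the key taken from the fragment.
function openLink(link, password = '') {
  const url = new URL(link);
  const stored = serverStore.get(url.search.slice(1));
  if (!stored) throw new Error('paste not found or expired');
  const record = JSON.parse(stored);
  const linkKey = Buffer.from(url.hash.slice(1), 'hex');
  const key = deriveKey(linkKey, password, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  // final() throws when the key, the password or the stored ciphertext is wrong.
  const plain = Buffer.concat([decipher.update(Buffer.from(record.ct, 'hex')), decipher.final()]);
  return plain.toString('utf8');
}
```

Because the key is part of the link, the link itself has to be shared over a channel you trust; the optional password protects the paste if the link alone leaks.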

📦 What Benefits Does My PrivateBin Service Offer?

To ensure the highest level of security and usability, the deployed system has been enhanced with several important features:

✔ Secure Transmission

All data is encrypted client-side and transmitted via HTTPS.

✔ Protected Storage

Only encrypted data is stored on the infrastructure — completely unreadable to anyone.

✔ File Uploads up to 50 MB

Ideal for sharing documents, diagnostic logs, confidential information, or larger technical files.

✔ Limited Retention

Files and messages are automatically deleted after 4 weeks — permanently and irreversibly.

✔ Optional Password Protection

Each paste or file can be secured with an additional password for extra peace of mind.

✔ No Registration Required

The service is available instantly — no accounts, no personal data collection, no tracking.

📁 Use Cases for Businesses & Teams
  • Securely sharing credentials
  • Exchanging confidential client documents
  • Sending system logs or diagnostic outputs
  • GDPR-compliant information transfer
  • Project communication without email risks
  • Safe data exchange with external service providers
  • Temporary sharing of sensitive files

PrivateBin is especially useful whenever traditional email or messaging tools are too risky or not appropriate.

🔧 Why I Provide This Service

As an IT service provider, I frequently encounter situations where clients need to share confidential information with me or within their teams.
Sending such content through insecure platforms — or via plain-text email — introduces unnecessary security risks.

By offering PrivateBin, I provide a secure, controlled, and modern method for exchanging sensitive data without requiring any additional software installations.

🚀 Available Now

The service is available immediately and can be used at any time.
If needed, I can also deploy PrivateBin as a dedicated in-house solution, customized with your company’s branding, policies, and security requirements.

Here you will find PrivateBin:

https://share.it-service-commander.de

Categories
Blog Messenger Security Server

2025-11-03: Free UnifiedPush Service with NTFY

🔧 I Run My Own Push Service – Without Google or Apple

As an IT service provider, I value privacy, control, and independence. Most apps on Android or iOS rely on the major cloud services from Google (Firebase Cloud Messaging) or Apple (APNS) for their notifications.
These systems are convenient—but they also mean that every notification travels through external servers.

I wanted to do things differently: privacy-friendly, transparent, and fully under my own control.
That’s why I’ve set up my own push service based on NTFY.

🌐 What Is NTFY?

🧠 NTFY is a free and open-source software solution that sends push notifications over the internet—without a central provider, simply via HTTPS. You can think of it like a small private mail carrier for your apps: Instead of Google or Apple forwarding your messages, your own server takes care of it.

📲 This becomes especially powerful when combined with the open standard UnifiedPush. UnifiedPush ensures that apps on your smartphone are no longer dependent on Google services to receive messages. Instead, the apps register with your own push server—in my case:

🌍 https://ntfy.it-service-commander.de

This allows notifications (for example from messengers or email apps) to work without a Google account or Play Services.

🔒 Privacy and Security Come First

🛡️ The big advantage: All data stays on my server.

That means:

  • No connection to Google, Apple, or any other cloud provider
  • No data sharing or analysis by third parties
  • Full control over retention periods, logs, and access rights

📊 Push messages contain no actual content.
They are only small technical signals such as “New message available.” Your app then retrieves the actual encrypted content directly from the respective service (e.g., Matrix or email). This ensures complete data protection—no one but you and your app can see the content of your messages.

⚙️ How to Set Up the Service in Your NTFY App


📲 Setup is incredibly simple:

  1. Open the NTFY app (available free on F-Droid or the Play Store).
  2. Go to Settings → UnifiedPush Server.
  3. Enter my server address:
    👉 https://ntfy.it-service-commander.de

That’s it!
From now on, supported apps will automatically use this server to receive push notifications.

💡 Many privacy-friendly apps such as Element (Matrix), FluffyChat, or NextPush already support UnifiedPush.

🧰 Technical Background (Simply Explained)

💻 I run my NTFY server on a secured Linux system.
A reverse proxy (Nginx Proxy Manager) handles encrypted HTTPS connections. User self-registration is disabled, and strict limits are in place for message and attachment sizes. Uploads without authentication are completely turned off.

This ensures that the server is used solely for push notifications—not for files or chat messages. That prevents abuse and keeps communication lightweight and secure.

🚀 My Conclusion

🔒 I can now offer push notifications without relying on Google or Apple.
That gives me full control over technology and data privacy, allowing me to provide clients with a modern and secure alternative.

📡 If you value privacy, data sovereignty, and independence, running your own UnifiedPush service with NTFY is the right choice.

📥 Download NTFY and Try It Yourself

⬇️ You can download the NTFY app safely and for free here:

📱 Android (Google Play Store)
👉 Open NTFY in the Play Store

🐧 Android (F-Droid – Google-free version)
👉 Download NTFY from F-Droid

🍎 Apple iOS (App Store)
👉 View NTFY in the App Store

🛰️ Direct download from IT-Service-Commander.de

Manual installation file available for free download (for advanced users)

Connect NTFY directly to my server and start using privacy-friendly push notifications – completely free from Google or Apple services.

🛡️ “Owning your infrastructure isn’t a burden – it’s digital freedom.”
– Yours,
Tom Commander

Categories
Blog Android Bitcoin Finance OpenSource Security

2025-10-19: Phoenix Wallet – The Easy Bitcoin App for Everyday Use

💡 Fast, secure, and simple: That’s the best way to describe the Phoenix Wallet.
This app makes paying with Bitcoin as easy as paying with a regular mobile app — whether it’s for a coffee, lunch, or an online purchase.

In this article, you’ll learn what makes Phoenix special, why it’s perfect for instant Bitcoin payments, and why it’s better suited for everyday use than the well-known Electrum app.

🔥 What Is the Phoenix Wallet?

The Phoenix Wallet is a Bitcoin app for Android, developed by the French company ACINQ, one of the leading contributors to the Lightning Network.

The Lightning Network is an additional layer built on top of Bitcoin that allows instant, low-fee transactions. Instead of waiting minutes for a confirmation, payments are completed in just a few seconds.

What makes Phoenix stand out:
You don’t need to deal with technical setup, complicated terms, or your own Bitcoin node.
The app handles everything for you — and you still stay in full control of your money.

⚡ Why Phoenix Is Perfect for Fast Payments

Many Bitcoin wallets are complicated or made for experienced users. Phoenix, however, is designed so that anyone can use it right away.

Here’s why Phoenix is so convenient:

Automatic Channel Management
Phoenix automatically handles all the technical details in the background, like opening or managing payment channels. You don’t have to worry about any of that.

Instant Lightning Payments
Payments are usually confirmed instantly, making it perfect for small, everyday purchases — in stores, restaurants, or online.

Simple and Clean Interface
The design is intuitive. You can easily see your Bitcoin balance and recent transactions at a glance.

Transparent Fees
Phoenix clearly shows when a small fee applies (for example, when opening a new payment channel). There are no hidden costs.

🔒 Security: How Phoenix Protects Your Bitcoin

Security is a big concern for new Bitcoin users — and rightly so! The good news is that Phoenix is built to keep your funds safe and under your full control.

Here’s how:

🔐 You Control Your Money
Phoenix is a non-custodial wallet, which means your Bitcoin is stored only on your device, not on a company server. Only you have access to it.

📱 Strong Encryption
All sensitive data is encrypted directly on your phone. Even if someone finds your device, they can’t access your Bitcoin without your secret recovery phrase.

☁️ Easy Recovery
When you set up the wallet, you get a 12-word recovery phrase. With it, you can restore your wallet anytime — for example, if you lose or replace your phone.

🧩 Trusted Developer
Phoenix is developed by ACINQ, one of the key companies behind the Lightning Network. The app is open source, open to community review, and regularly updated for security and reliability.

⚙️ Phoenix Wallet vs. Electrum – Which Is Better for Everyday Use?

The Electrum Wallet is one of the oldest and most respected Bitcoin wallets. It’s very powerful — but also quite technical. For beginners, it can feel overwhelming.

Phoenix, on the other hand, is made for simplicity and daily Bitcoin payments.

| Feature | Phoenix Wallet | Electrum |
|---|---|---|
| Lightning Payments | Fully integrated and automatic | Optional, requires setup |
| Ease of Use | ✅ Very beginner-friendly | ❌ Designed for advanced users |
| Speed | Instant (Lightning) | Slower (On-chain) |
| Security | Non-custodial and encrypted | Non-custodial but complex |
| Best Use Case | Everyday mobile payments | Long-term storage, desktop use |

👉 In short:

  • Electrum is great for long-term Bitcoin storage or advanced users.
  • Phoenix is ideal if you want to use Bitcoin for everyday payments — quick, easy, and safe.

💬 Conclusion: Phoenix Makes Bitcoin Easy

The Phoenix Wallet is the perfect choice for anyone who wants to actually use Bitcoin — not just hold it.

You don’t need to be a tech expert or understand the details of the Lightning Network.
Phoenix makes Bitcoin as easy as paying with your phone, while keeping your funds secure and decentralized.

⚡ If you’re looking for a fast, trustworthy, and beginner-friendly Bitcoin app, Phoenix is the one to try.

Download:

Get it on Google Play
Get it on the AppStore
Manual installation file available for free download (for advanced users)

Categories
Blog Bitcoin Security

2025-10-15: Bitcoin Fulcrum Server – Secure, Fast & Open for Everyone

🔒 What is it, exactly?
A Fulcrum server is what’s known as an Electrum server for the Bitcoin network. It allows wallet apps such as Phoenix, Electrum, or Sparrow to connect securely and quickly to the blockchain – the decentralized database that records all Bitcoin transactions.
Instead of downloading the entire Bitcoin blockchain, wallets can use a Fulcrum server to fetch only the data they need — efficiently, privately, and without relying on big centralized providers.

⚙️ Technical Details
My Fulcrum server runs at the following address:
👉 fulcrum.it-service-commander.de:50002
The connection is fully SSL-encrypted, ensuring all communication is secure.
Behind the scenes, it’s powered by Bitcoin Core 29.2, directly connected to the Bitcoin network.

💼 Why I’m Offering This
As an IT service provider, I work with a few clients who are increasingly interested in Bitcoin, self-custody, and digital security.
Most wallet apps automatically connect to public servers on the internet — and you never really know who operates them or what kind of data they collect.

With my own Fulcrum server, I provide my clients (and anyone interested) with a trusted, privacy-friendly, and stable infrastructure they can easily configure in their wallet app.

📱 How to Connect


Getting started is simple:

  1. Open your wallet app (e.g., Phoenix, Electrum, or Sparrow).
  2. Go to the Server Settings section.
  3. Enter the following details:
  4. Save the settings — and you’re all set! Your wallet is now securely connected to my Fulcrum server.

🔧 Benefits for My Clients
✅ Fast synchronization with the Bitcoin blockchain
✅ Fully encrypted communication via SSL
✅ No dependency on unknown third-party servers
✅ Ideal for businesses integrating Bitcoin into their IT infrastructure
✅ Transparent, European-based infrastructure — operated by a local IT provider

🚀 Conclusion
With my public Bitcoin Fulcrum server, I aim to make secure, decentralized technologies more accessible — especially for small and mid-sized businesses.
Anyone using Bitcoin should understand that real trust comes from transparency and open systems — and that’s exactly what this service represents.

Categories
Blog Cloud Future Security Server

2025-10-12: Rhineland & Digital Future – IT with Heart and Mind

🧡 The Rhineland – a place of culture, progress, and community
In the Rhein-Erft district, tradition meets innovation. Between vibrant culture, dedicated people, and constant change, the Rhineland is a region where people love to live – and work.

⛰️ A symbol of transformation: the Sophienhöhe
Behind the Sophienhöhe, the Hambach open-cast mine is still in operation. The forested hill shows how nature can return to an area once shaped by industry. It stands for change – just as modern IT creates something new from existing systems.

💡 IT services with a regional touch
As an IT service provider based in the Rhineland, I help companies make their IT infrastructure secure, efficient, and future-proof. My services include:

  • 🔒 Data backup & IT security
  • ☁️ Cloud and remote work solutions
  • 🖥️ Remote maintenance & video conferencing
  • 🌐 Websites & hosting on German servers

🚀 My goal: Technology should work for you – reliably, securely, and without complications.
With personal support and clear communication, I provide IT solutions tailored to your business – modern, sustainable, and people-oriented.

Categories
Blog Backupsolutions Cloud Security

2025-10-03: Day of German Unity: A Good Moment to Think About Your Data Security

On October 3rd, Germany celebrates the Day of German Unity – a moment of reflection and remembrance. Many people use this holiday to pause, get organized, or take care of things that are often neglected in everyday life. It’s also the perfect occasion to think about the security of your digital data.

💾 Why Backups Are Essential

Data loss happens faster than you might think: hardware failures, cyberattacks, theft, or simple human error can result in precious memories and important documents being lost forever.
Just as October 3rd stands for stability and unity, a well-thought-out backup strategy ensures security and peace of mind in your digital life.

📐 The 3-2-1 Rule

A simple yet highly effective approach is the 3-2-1 rule:

  • 3 copies of your data – the original and two backups
  • 2 different storage types – for example, an external hard drive and a cloud service
  • 1 copy off-site – to stay protected even in the event of fire, water damage, or theft

🛠️ Practical Backup Options for Home Users
  • External hard drives or SSDs: quick to set up and affordable
  • NAS systems: centralized in your home network, often supporting automated backups
  • Cloud backups: encrypted, flexible, and accessible from anywhere

The best strategy is often a combination, such as a local external drive plus a secure cloud backup.

⚡ The Risks of No Backup
  • Accidentally deleted files
  • Ransomware or other malware attacks
  • Physical loss through fire, water, or theft

With a backup in place, you gain confidence and resilience – much like a stable society gains strength through unity.

🤝 Professional Support

Beyond these tips, I also offer personalized support.
Whether you are a private user with irreplaceable family photos or a small business with sensitive customer data – I can help you develop a backup solution that fits your needs. I work with modern, GDPR-compliant systems and, if required, storage solutions in professional data centers in Germany or across Europe.

My tip: Use the Day of German Unity not only to celebrate, but also as a reminder to review or set up your data backups. It only takes a little time – but gives you long-term security and freedom.

Categories
Blog Backupsolutions Security Server Uptime

2025-09-27: Backup or Bankruptcy – Why I Pull the Plug on Cyber-Extortionists

Imagine this: It’s Monday morning, the coffee machine is running, your PC boots up – and suddenly, shock. Instead of your usual desktop, a dark message pops up: “Your data has been encrypted. Pay in cryptocurrency XY.”
This scenario happens every single day in companies across the globe – from small businesses to international corporations. Cybercriminals make no exceptions.

🔒 Ransomware – a Growing Threat

A recent example shows how serious this has become: In September 2025, a ransomware attack on IT service provider Collins Aerospace crippled the check-in systems of several European airports – including Berlin. Thousands of passengers were stranded, flights were delayed or canceled altogether. Investigators believe the ransomware group HardBit was behind the attack.

👉 The message is clear: If even critical infrastructures with million-dollar budgets can be knocked out, how quickly could it happen to small and mid-sized companies without a professional backup strategy?

And this is exactly where I come in: How do I protect your business from this nightmare?

☁️ My Safety Net: The 3-2-1 Principle

I rely on the proven 3-2-1 principle:

  • 3 copies of your data
  • 2 different storage types (e.g., local backup and NAS)
  • 1 copy stored externally in the cloud

This ensures that even in the worst case – if your local IT is compromised – your data remains safe, encrypted, and quickly recoverable.

🚀 My Backup Solutions – Scalable for Your Business

I know every company is different. That’s why I offer packages tailored to size and data requirements:

  • Starter Package: 5 TB of data – ideal for small businesses and startups
  • Business Package: 10 TB of data – perfect for growing companies
  • Enterprise Package: 20 TB and up – scalable for corporations and complex IT environments

All packages include automated backups, bank-level encryption, and cloud storage in European data centers.

💡 More Than Backups – Guaranteed Business Continuity

For me, it’s not just about securing your data – it’s about getting you back on your feet fast in the event of an attack. After all, what good are backups if you’re offline for days? With my solutions, you’ll be up and running again in no time – whether in the office, at home, or on the go.

Conclusion

Ransomware isn’t going away – but your company doesn’t have to be a victim. With the 3-2-1 principle, modern backup strategies, and scalable cloud solutions, I make sure your data is protected and your business keeps moving.

Without a proper backup strategy, the managing director is personally liable – and that’s about as funny as a dentist visit without anesthesia. 🦷

Categories
Blog Security

2025-09-18: HESEKIEL – Protect Your Data, Free of Charge

With Hesekiel, I provide you with a small, lightweight tool that allows you to encrypt text and files quickly and easily.

  • runs in browser
  • no installation
  • completely free of charge

This makes it ideal wherever you need to protect confidential information without effort or overhead.

🚀 Simple & Instant to Use

I deliberately designed Hesekiel to be minimalistic:

  • Choose a password 🔑
  • Paste your text or file 📄
  • Encrypt or decrypt – done ✅

It is not a replacement for complex communication platforms, but rather a tool for quick use when other solutions are not available or too cumbersome.

🛡️ Security You Can Rely On

Even though Hesekiel is small and lightweight, it is built on a strong foundation:
AES-GCM 256-bit encryption – the very same standard used by banks and government agencies.

👉 To unleash the full power of this encryption, always choose a strong password (at least 12 characters long).

💼 Recommendation for Professional Use

As an IT service provider, I naturally recommend more mature solutions like Matrix Synapse for professional use in businesses, especially for secure, internal company communication ☁️.

Such systems are far more comprehensive, provide permanent communication channels, and can be integrated seamlessly into existing IT infrastructures.

I am happy to assist you with my IT services when it comes to planning, setting up, and integrating such solutions into your company.

✨ Conclusion

Hesekiel is a small, free tool for quick encryption – practical whenever you need a simple and immediate solution.
For long-term use in everyday business, I can provide you with the right professional solutions and my expertise as an IT service provider.

👉 Try Hesekiel directly here:
https://hesekiel.it-service-commander.de/