Categories
Cloud DNS Security Server Uptime

2025-11-19: Cloudflare down – Hetzner remains unshakable!

Cloudflare is one of the largest internet service providers in the world. Many websites rely on Cloudflare because it offers three major advantages:

  • 🚀 Faster loading times thanks to servers distributed around the globe
  • 🛡️ Protection against attacks, such as DDoS
  • 🔁 Stable availability, even under heavy traffic

Because Cloudflare delivers these features efficiently and at a good price, an enormous number of websites depend on it. But that popularity also creates a risk: When Cloudflare goes down, many sites go down with it.

🧩 Why self-hosted servers are often less affected

If you host your website or application on your own server, you’re far less dependent on big platforms like Cloudflare. That means:

🔐 More control over your own security

With simple measures such as:

  • 🔑 SSH keys instead of simple passwords
  • 🚫 Firewalls to block unwanted access
  • 🛡️ Fail2Ban, which automatically blocks repeated attack attempts

you can secure your server very effectively—without relying on external security services.

🕹️ More control & more reliability

I host my servers at Hetzner in Falkenstein, Germany 🇩🇪 — and during the Cloudflare outage, not a single second of downtime occurred.
Everything continued to run perfectly.

To me, this is a perfect example of digital sovereignty in Germany: Not depending on large U.S. providers, but maintaining your own stable, local infrastructure.

⚠️ Of course, nothing is 100% risk-free

✨ Running your own server doesn’t mean nothing can ever go wrong.
Self-hosted servers can also experience:

  • outages 🛑
  • overload 📈
  • network or power issues 🔌

But the key difference is: you have the responsibility — and the control.

🎯 Conclusion

The Cloudflare outage shows how vulnerable large, centralized internet services can be. If you host your servers yourself—such as at Hetzner in Germany—and secure them properly, you often end up with a more stable and sovereign solution. 🧭

Categories
Cloud OpenSource Security Server

2025-11-13: New Service: PrivateBin – Secure File & Message Sharing

https://share.it-service-commander.de

In modern IT security, strong passwords and firewalls are just part of the story. Equally important is how sensitive information is shared. To meet this need, I am introducing a new service: PrivateBin – a fully encrypted, secure platform for sharing files and messages.

🔒 What is PrivateBin?

PrivateBin is a client-side encrypted paste and file-sharing service designed to securely exchange confidential information.
Unlike traditional upload or paste platforms, PrivateBin performs encryption directly in your browser before any data reaches the server.

This means:

  • The server cannot read the contents
  • Encryption keys never leave the client
  • Only encrypted data blobs are stored
  • Decryption is only possible with the key embedded in the generated link

In other words, PrivateBin operates as a zero-knowledge service. As the service provider, I technically cannot access or view any uploaded content.

📦 What Benefits Does My PrivateBin Service Offer?

To ensure the highest level of security and usability, the deployed system has been enhanced with several important features:

✔ Secure Transmission

All data is encrypted client-side and transmitted via HTTPS.

✔ Protected Storage

Only encrypted data is stored on the infrastructure — completely unreadable to anyone.

✔ File Uploads up to 50 MB

Ideal for sharing documents, diagnostic logs, confidential information, or larger technical files.

✔ Limited Retention

Files and messages are automatically deleted after 4 weeks — permanently and irreversibly.

✔ Optional Password Protection

Each paste or file can be secured with an additional password for extra peace of mind.

✔ No Registration Required

The service is available instantly — no accounts, no personal data collection, no tracking.

📁 Use Cases for Businesses & Teams

  • Securely sharing credentials
  • Exchanging confidential client documents
  • Sending system logs or diagnostic outputs
  • GDPR-compliant information transfer
  • Project communication without email risks
  • Safe data exchange with external service providers
  • Temporary sharing of sensitive files

PrivateBin is especially useful whenever traditional email or messaging tools are too risky or not appropriate.

🔧 Why I Provide This Service

As an IT service provider, I frequently encounter situations where clients need to share confidential information with me or within their teams.
Sending such content through insecure platforms — or via plain-text email — introduces unnecessary security risks.

By offering PrivateBin, I provide a secure, controlled, and modern method for exchanging sensitive data without requiring any additional software installations.

🚀 Available Now

The service is available immediately and can be used at any time.
If needed, I can also deploy PrivateBin as a dedicated in-house solution, customized with your company’s branding, policies, and security requirements.

Here you will find PrivateBin:

https://share.it-service-commander.de

Categories
Blog Messenger Security Server

2025-11-03: Free UnifiedPush Service with NTFY

🔧 I Run My Own Push Service – Without Google or Apple

As an IT service provider, I value privacy, control, and independence. Most apps on Android or iOS rely on the major cloud services from Google (Firebase Cloud Messaging) or Apple (APNS) for their notifications.
These systems are convenient—but they also mean that every notification travels through external servers.

I wanted to do things differently: privacy-friendly, transparent, and fully under my own control.
That’s why I’ve set up my own push service based on NTFY.

🌐 What Is NTFY?

🧠 NTFY is a free and open-source software solution that sends push notifications over the internet—without a central provider, simply via HTTPS. You can think of it like a small private mail carrier for your apps: Instead of Google or Apple forwarding your messages, your own server takes care of it.

📲 This becomes especially powerful when combined with the open standard UnifiedPush. UnifiedPush ensures that apps on your smartphone are no longer dependent on Google services to receive messages. Instead, the apps register with your own push server—in my case:

🌍 https://ntfy.it-service-commander.de

This allows notifications (for example from messengers or email apps) to work without a Google account or Play Services.

🔒 Privacy and Security Come First

🛡️ The big advantage: All data stays on my server.

That means:

  • No connection to Google, Apple, or any other cloud provider
  • No data sharing or analysis by third parties
  • Full control over retention periods, logs, and access rights

📊 Push messages contain no actual content.
They are only small technical signals such as “New message available.” Your app then retrieves the actual encrypted content directly from the respective service (e.g., Matrix or email). This ensures complete data protection—no one but you and your app can see the content of your messages.

⚙️ How to Set Up the Service in Your NTFY App


📲 Setup is incredibly simple:

  1. Open the NTFY app (available free on F-Droid or the Play Store).
  2. Go to Settings → UnifiedPush Server.
  3. Enter my server address:
    👉 https://ntfy.it-service-commander.de

That’s it!
From now on, supported apps will automatically use this server to receive push notifications.

💡 Many privacy-friendly apps such as Element (Matrix), FluffyChat, or NextPush already support UnifiedPush.

🧰 Technical Background (Simply Explained)

💻 I run my NTFY server on a secured Linux system.
A reverse proxy (Nginx Proxy Manager) handles encrypted HTTPS connections. User self-registration is disabled, and strict limits are in place for message and attachment sizes. Uploads without authentication are completely turned off.

This ensures that the server is used solely for push notifications—not for files or chat messages. That prevents abuse and keeps communication lightweight and secure.

🚀 My Conclusion

🔒 I can now offer push notifications without relying on Google or Apple.
That gives me full control over technology and data privacy, allowing me to provide clients with a modern and secure alternative.

📡 If you value privacy, data sovereignty, and independence, running your own UnifiedPush service with NTFY is the right choice.

📥 Download NTFY and Try It Yourself

⬇️ You can download the NTFY app safely and for free here:

📱 Android (Google Play Store)
👉 Open NTFY in the Play Store

🐧 Android (F-Droid – Google-free version)
👉 Download NTFY from F-Droid

🍎 Apple iOS (App Store)
👉 View NTFY in the App Store

🛰️ Direct download from IT-Service-Commander.de

Manual installation file available for free download (for advanced users)

Connect NTFY directly to my server and start using privacy-friendly push notifications – completely free from Google or Apple services.

🛡️ “Owning your infrastructure isn’t a burden – it’s digital freedom.”
– Yours,
Tom Commander

Categories
Blog Cloud Future Security Server

2025-10-12: Rhineland & Digital Future – IT with Heart and Mind

🧡 The Rhineland – a place of culture, progress, and community
In the Rhein-Erft district, tradition meets innovation. Between vibrant culture, dedicated people, and constant change, the Rhineland is a region where people love to live – and work.

⛰️ A symbol of transformation: the Sophienhöhe
Behind the Sophienhöhe, the Hambach open-cast mine is still in operation. The forested hill shows how nature can return to an area once shaped by industry. It stands for change – just as modern IT creates something new from existing systems.

💡 IT services with a regional touch
As an IT service provider based in the Rhineland, I help companies make their IT infrastructure secure, efficient, and future-proof. My services include:

  • 🔒 Data backup & IT security
  • ☁️ Cloud and remote work solutions
  • 🖥️ Remote maintenance & video conferencing
  • 🌐 Websites & hosting on German servers

🚀 My goal: Technology should work for you – reliably, securely, and without complications.
With personal support and clear communication, I provide IT solutions tailored to your business – modern, sustainable, and people-oriented.

Categories
Blog Backupsolutions Security Server Uptime

2025-09-27: Backup or Bankruptcy – Why I Pull the Plug on Cyber-Extortionists

Imagine this: It’s Monday morning, the coffee machine is running, your PC boots up – and suddenly, shock. Instead of your usual desktop, a dark message pops up: “Your data has been encrypted. Pay in cryptocurrency XY.”
This scenario happens every single day in companies across the globe – from small businesses to international corporations. Cybercriminals make no exceptions.

🔒 Ransomware – a Growing Threat

A recent example shows how serious this has become: In September 2025, a ransomware attack on IT service provider Collins Aerospace crippled the check-in systems of several European airports – including Berlin. Thousands of passengers were stranded, flights were delayed or canceled altogether. Investigators believe the ransomware group HardBit was behind the attack.

👉 The message is clear: If even critical infrastructures with million-dollar budgets can be knocked out, how quickly could it happen to small and mid-sized companies without a professional backup strategy?

And this is exactly where I come in: How do I protect your business from this nightmare?

☁️ My Safety Net: The 3-2-1 Principle

I rely on the proven 3-2-1 principle:

  • 3 copies of your data
  • 2 different storage types (e.g., local backup and NAS)
  • 1 copy stored externally in the cloud

This ensures that even in the worst case – if your local IT is compromised – your data remains safe, encrypted, and quickly recoverable.

🚀 My Backup Solutions – Scalable for Your Business

I know every company is different. That’s why I offer packages tailored to size and data requirements:

  • Starter Package: 5 TB of data – ideal for small businesses and startups
  • Business Package: 10 TB of data – perfect for growing companies
  • Enterprise Package: 20 TB and up – scalable for corporations and complex IT environments

All packages include automated backups, bank-level encryption, and cloud storage in European data centers.

💡 More Than Backups – Guaranteed Business Continuity

For me, it’s not just about securing your data – it’s about getting you back on your feet fast in the event of an attack. After all, what good are backups if you’re offline for days? With my solutions, you’ll be up and running again in no time – whether in the office, at home, or on the go.

Conclusion

Ransomware isn’t going away – but your company doesn’t have to be a victim. With the 3-2-1 principle, modern backup strategies, and scalable cloud solutions, I make sure your data is protected and your business keeps moving.

Without a proper backup strategy, the managing director is personally liable – and that’s about as funny as a dentist visit without anesthesia. 🦷

Categories
Blog Server Video conference

2025-09-13: Secure Video Conferences for Your Business

As IT-Service-Commander, I now offer professional video conferencing solutions tailored for companies. Many businesses still rely on US providers like Zoom or Teams – which comes with risks regarding data protection and dependency. My solution: GDPR-compliant, hosted on German servers, and easy to use.

Your benefits:

  • Strong security & encryption
  • Join via link – no registration required
  • Works in browser or via mobile app
  • Useful features: screen sharing, chat, recording, password protection

The system is based on the proven open-source platform Jitsi – transparent, reliable, and independent. Whether for small team meetings, webinars, or large-scale online events: I provide a solution customized to your company’s size and requirements.

🤝 My service for you:

  • Personal consultation & setup
  • Training and ongoing support
  • Flexible packages with transparent pricing

This gives you full control over your data, reliable technology, and a future-proof communication solution.

👉 Learn more at: Video conference

Categories
Blog Cloud Security Server

2025-09-05: Microsoft Lock-In? Break Free – Build Your Own Cloud!

Let’s be honest: Do you really want to hand over your sensitive data blindly to a corporation like Microsoft?
I don’t. And that’s exactly why I keep advising my clients not to fall into the dependency trap of Microsoft Cloud.

🔒 Control Instead of Dependence

In Microsoft Cloud, it’s not you but Microsoft who decides what happens with your data, where it’s stored, and which features will still be available tomorrow. Once you’re locked into this ecosystem, it becomes very hard to get out.
That’s what I call vendor lock-in – and it’s not a technical feature, but an economic trap.

⚡ Your Own Cloud – Faster Than You Think

Many believe running their own cloud is complicated, expensive, and slow. The truth is just the opposite:

  • With modern open-source solutions, I can set up a high-performance cloud environment for you in no time.
  • A VPN server ensures secure access from anywhere.
  • Your own cloud server takes care of data storage – and you remain in full control.

The result: super fast, flexible, and free from artificial limitations.

🛠️ Multiple Paths to Success

There isn’t just one way to do it – there are several great options that can be tailored to your needs:

  • Nextcloud: One of the most popular open-source platforms for files, calendars, contacts, and more.
  • Synology DiskStation: Ready-to-use hardware solutions with built-in cloud software, easy to administer.

Whether you prefer maximum flexibility or a convenient turnkey package – both are possible, without falling into Microsoft’s grip.

💡 Why It’s Better

  • No license fees: Stop paying monthly for unused accounts.
  • Full data sovereignty: Your data stays where it belongs – with you.
  • Transparency: Open solutions, no black box.
  • Flexibility: Adapted to your business, not to a corporation’s rules.

🚀 My Offer to You

As an IT service provider, I specialize in freeing companies from the Microsoft Cloud straitjacket and setting up powerful alternatives.
You don’t need to understand the hardware or software in detail – I take care of the setup, security, and operation.

👉 The result: Your own cloud. Independent, fast, and secure.

Categories
Blog Android Messenger OpenSource Security Server

2025-08-17: Molly – Your Privacy-Focused Alternative to Signal

As an IT consultant, I see every day how important secure and private messaging is. Signal does a great job and is rightly considered one of the most secure messengers ✅ – but Molly puts even more emphasis on privacy and control.

What’s especially interesting: On GrapheneOS, Molly is available by default, as it is recommended there as a trusted messenger. But you can also use Molly on any other Android system by simply installing the APK manually.

Why Molly?

Molly is based on the Signal protocol but adds additional security features such as encryption at rest (encrypting locally stored data).

Other advantages include:

  • Open-Source – transparent and verifiable.
  • More control – option to use your own push infrastructure.
  • Optimized for privacy – especially in combination with GrapheneOS.

For a deeper look at GrapheneOS, check this out:
GrapheneOS – More Security, Less Google: How to Make Your Smartphone Truly Private

Download the Latest Version

Please note:
Manual installation file available for free download (for advanced users)

Setup with My Molly-Socket Server

To make Molly even more privacy-friendly, you can connect it to my own Molly-Socket server:

https://molly.it-service-commander.de

Here’s how:

  1. Open the app.
  2. Go to Settings → Notifications → Push Notifications.
  3. Select “Unified Push” as the push service.
  4. Scan the QR code from my website.
    (https://molly.it-service-commander.de/)

This way, your push notifications don’t run through third-party servers but through your own infrastructure – a clear advantage for privacy.

Conclusion

Signal is already excellent ✅ – but Molly is the even more privacy-focused choice. On GrapheneOS, Molly comes preinstalled, and on any other Android system it can easily be installed manually.

I personally use Molly every day – not just as a messenger, but as part of a holistic privacy strategy.

Categories
Blog DNS E-Mail Server Webhosting

2025-08-12: My Own Mail Server – and Why Telekom Initially Didn’t Like It

As an IT service provider, I wanted to see for myself: running my own mail server – fully under my control, without depending on external providers.
For this, I use Mailcow, an open-source mail server suite running on a dedicated VPS at Hetzner. Everything is secured, regularly patched, and equipped with anti-spam mechanisms.
So far, so good – or so I thought.

What Actually Happens When an Email Is Sent?

When you send an email, several technical steps happen in the background:

  1. Connection Between Servers
    Your mail server accepts the message and connects to the target mail server – for example, Microsoft, Yahoo, GMX, Web.de, or Telekom.
  2. Identity and Security Checks
    Before the email is accepted, the receiving server checks:
    • Reverse DNS – Does the IP address match the hostname?
    • SPF, DKIM, DMARC – Do the authentication records match?
    • Reputation – Is the sending server known as trustworthy or as a spam source?
  3. Acceptance or Rejection
    If the sending server fails these checks, the result is ❌ “554 – Bad reputation” or a similar error message.

My Problem with Telekom

While Google, GMX, Web.de, and Yahoo accepted my emails without complaint, Telekom blocked everything coming from my server.
The reason: my IP address had been “inactive for a long time” and therefore had no reputation. For security reasons, Telekom does not accept such senders until they are reviewed – a protection mechanism for their customers.

In practice, this meant that even perfectly configured emails with all standards in place were rejected until I contacted Telekom directly.

✅ The Path to Getting Whitelisted

After a friendly but very technical exchange with Telekom’s Email Engineering team, the following requirements became clear:

  • The hostname of my server had to clearly identify me as the operator.
  • A publicly accessible contact option (phone number, legal notice) had to be linked directly to the sending domain.
  • The server could not be a shared host – only I am allowed to send emails from this IP.
  • Abuse protection (rate limits, account blocking for spam) had to be active.

I adjusted the configuration, redirected my domain cmdsrv.de directly to my legal notice page, and confirmed all required points.
Shortly afterward, I received confirmation from Telekom that my IP reputation would be reset:

“We will arrange for the reputation of this IP number to be reset in our systems. (Please note that depending on system load, it may take up to 24 hours for the change to take effect, but experience shows that this is usually done within one to two hours.)”

DMARC Reports – A Must for Admins

In addition to SPF, DKIM, and a clean reputation, as a mail server operator you should regularly evaluate DMARC reports.
These reports are automatically sent by many providers if you create a Postmaster address and set the appropriate DMARC entry in your DNS records.

Example of a valid DMARC DNS record:

Important:

  • postmaster@DOMAINNAME.de must be a functional email address that you check regularly.
  • These reports show you from which IP addresses emails were sent in the name of your domain and whether they passed SPF/DKIM checks.
  • This way, you can detect abuse and configuration errors early.
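
The following added example, which is not part of the original post, summarizes a DMARC aggregate report per sending IP and separates failures from your own server (configuration errors) from failures from unknown addresses (possible abuse). The report XML is constructed, and `OWN_SENDING_IPS` and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the aggregate-report XML layout (RFC 7489).
# IPs are documentation addresses; DOMAINNAME.de is the page's placeholder.
SAMPLE_REPORT = """<feedback>
 <report_metadata><org_name>receiver.example</org_name></report_metadata>
 <policy_published><domain>DOMAINNAME.de</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>42</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.10</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>17</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

OWN_SENDING_IPS = {"192.0.2.10"}  # assumption: the mail server's own address


def parse_report(xml_text):
    """Return (domain, rows) from one DMARC aggregate report."""
    # Reports arrive from third parties: refuse DTDs so entity-expansion
    # payloads never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in reports")
    root = ET.fromstring(xml_text)
    domain = root.findtext("policy_published/domain", default="?")
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count") or 0),
            # Missing results are treated as failures, never as passes.
            "dkim": rec.findtext("row/policy_evaluated/dkim", default="fail"),
            "spf": rec.findtext("row/policy_evaluated/spf", default="fail"),
        })
    return domain, rows


def summarize(rows, own_ips):
    """Count passing/failing messages per source IP and list the failures."""
    stats = defaultdict(lambda: {"pass": 0, "fail": 0})
    for r in rows:
        # DMARC passes when at least one aligned mechanism (DKIM or SPF) passes.
        ok = r["dkim"] == "pass" or r["spf"] == "pass"
        stats[r["ip"]]["pass" if ok else "fail"] += r["count"]
    findings = []
    for ip, s in sorted(stats.items()):
        if s["fail"] == 0:
            continue
        kind = "config error on own server" if ip in own_ips else "possible abuse"
        findings.append((ip, s["fail"], kind))
    return dict(stats), findings


if __name__ == "__main__":
    domain, rows = parse_report(SAMPLE_REPORT)
    _, findings = summarize(rows, OWN_SENDING_IPS)
    for ip, failed, kind in findings:
        print(f"{domain}: {failed} failing message(s) from {ip} -> {kind}")
```

A source such as 198.51.100.7 that passes DKIM but fails SPF still passes DMARC; this pattern is typical of forwarded mail and is not reported as a finding.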

Useful Links for Testing Mail Server Reputation & Configuration

Tip: Run these tests before going live – this will help you avoid surprises with strict providers like Telekom.

☎️ Telekom Postmaster Contact

If your emails are blocked by Telekom, you can reach the Email Engineering team here:

Deutsche Telekom AG
E-Mail Engineering
Deutsche-Telekom-Allee 9
64295 Darmstadt
E-Mail: tobr@rx.t-online.de
Postmaster FAQ: https://postmaster.t-online.de

✅ Mail Server Operator Checklist

Security & Authentication

  • SPF record correctly set
  • DKIM signature active and valid
  • DMARC policy set (and reports reviewed)
  • Functional postmaster@ address created

DNS & Accessibility

  • Reverse DNS (PTR) points to the correct hostname
  • A and MX records are correct and point to the server
  • Website legal notice/contact page linked with sending domain

Reputation & Testing

  • IP address not on blacklists
  • Passed tests with Google, Microsoft, Telekom, GMX/Web.de
  • Mail test score at least 9/10

Operation & Monitoring

  • Spam and virus protection active
  • Rate limits for outgoing mail
  • Log monitoring & alerts for unusual activity
  • Regular backups of mail server configuration and mailboxes

Networking with Other IT Administrators
If you need support or want to exchange ideas with other admins facing similar problems, you’re welcome to join my Matrix Support Groups.
Here I’m happy to help with questions about mail servers, networking, and IT security:
https://it-service-commander.de/en/support-3/groups/

Categories
Webhosting Blog Server Uptime

2025-07-10: New: Web Hosting for Your Online Presence – Directly Managed by Your IT Service Provider

As your trusted IT service provider, I am now pleased to offer not only traditional IT services but also professional web hosting for your online presence.

What can you expect?

With my web hosting service, you will receive:

  • WordPress websites – customized to your individual needs.
  • Your own domain & email address – e.g. max.mustermann@your-domain.com.
  • Worry-free package – I handle the setup, maintenance, and security for you.

For more details, please visit my website under:
➡️ Private Clients => Homepage/Website or
➡️ Businesses => Website.

Technically up to date

Your WordPress site runs in a modern Docker container and is hosted on a virtual private server (VPS). This ensures high flexibility and performance.

Security and backups:

  • Nightly automatic backups of your entire website (including Docker container) are performed.
  • Your emails are managed on a separate VPS using the reliable Mailcow software, enabling you to send and receive emails with your own domain and personalized addresses.

Professional management included

As your IT service provider, I take care of the complete administration and monitoring of your web hosting:

  • Regular security updates, including for WordPress and installed plugins.
  • Monitoring to ensure your website is always online.
  • Prompt assistance, should any issues arise.

Interested?

If you would like to host a new website affordably through me or move an existing WordPress installation, feel free to get in touch. ✉️
I will be happy to advise you individually and find the perfect solution for your project.