I put up a handful of small servers with SSH honeypots running, and have been watching who tries to break in. I didn’t publicize the addresses, or point any DNS at them, but they almost immediately got found by hackers across the globe. Here’s a visualization and analysis of the data so far.
Last week I had a post make it to the Hacker News front page, and my site immediately went down. After fighting with it for a while, I was able to get it limping along well enough to last the day, and since then I’ve made several simple changes that serve as a much more robust solution. I imagine there are a ton of self-hosters out there with similar setups as I had, so hopefully the details of my comeuppance will help others preventatively.