I find the idea of self-hosting to be really appealing, but at the same time I find it to be incredibly scary. This is not because I lack the technical expertise, but because I have gotten the impression that everyone on the Internet would immediately try to hack into it to make it join their bot net. As a result, I would have to be constantly vigilant against this, yet one of the numerous assailants would only have to succeed once. Dealing with this constant threat seems like it would be frightening enough as a full-time job, but this would only be a hobby project for me.
How do the self-hosters on Lemmy avoid becoming one with the botnet?
Eh, it can be a lot of work but doesn’t have to be. I’ve automated backups, and if you follow current best practice guidance from industry, you should use long pass phrases and not worry about regularly rotating them. For things like SSH keys, you can rotate them if you think you’ve had a breach but in normal usage there isn’t a huge benefit security-wise since they functionally can’t be guessed and would need to be stolen. If an adversary steals your SSH keys then you’re already pretty hosed as the next step is for them to establish another backdoor to access your server without needing your key.