I’m also willing to contribute financially to the serverpilot.io service for a server, because "(...) The number one thing that I loathed about managing my own VPS, was security. A fully-fledged Linux instance, exposed to the public Internet 24/7, is a big responsibility(1). There are plenty of attack(2) vectors: SSH credentials(3) compromise; inadequate firewall setup(4); HTTP or other DDoS'ing(5); web application-level vulnerabilities (SQL injection(6), XSS(7), CSRF(8), etc); and un-patched system-level vulnerabilities (Log4j(9), Heartbleed(10), Shellshock(11), etc). Unless you're an experienced full-time security specialist, *and* you're someone with time to spare (and I'm neither of those things), there's no way you'll ever be on top of all that. (...)"(12)

(1) https://www.cyberciti.biz/tips/linux-security.html
(2) https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-common_exploits_and_attacks
(3) https://cloudsecurityalliance.org/blog/2014/03/05/youre-already-compromised-exposing-ssh-as-an-attack-vector/
(4) https://www.cyberciti.biz/faq/howto-configure-setup-firewall-with-ufw-on-ubuntu-linux/
(5) https://www.ubuntufree.com/how-to-stop-a-ddos-attack-on-ubuntu/
(6) https://xkcd.com/327/
(7) https://owasp.org/www-community/attacks/xss/
(8) https://encyclopedia.kaspersky.com/glossary/cross-site-request-forgery-csrf-xsrf/
(9) https://hackernoon.com/0-day-log4shell-is-serious-but-its-just-the-tip-of-the-iceberg
(10) https://www.cisa.gov/uscert/ncas/alerts/TA14-098A
(11) https://securityintelligence.com/articles/shellshock-vulnerability-in-depth/
(12) https://greenash.net.au/thoughts/2022/03/i-dont-need-a-vps-anymore/

P.

On 3/23/22, 'Alexander van der Vekens' via Metamath <[email protected]> wrote:
> I’m also willing to contribute financially to a Metamath server.
>
> On Saturday, March 19, 2022 at 6:23:43 PM UTC+1 Cris Perdue wrote:
>
>> Hi Dear (Meta)math heads,
>>
>> On Sat, Mar 19, 2022 at 3:47 AM Mázsa Péter <[email protected]> wrote:
>>
>>> On 3/19/22, Mingli Yuan <[email protected]> wrote:
>>> > I would like to raise an issue of cybersecurity if any one wants to
>>> > take charge of any server.
>>> > We heard of the news that the linux code repository was hacked before.
>>> > That means we need to patch the server routinely and upgrade the OS at
>>> > least.
>>>
>>> https://serverpilot.io/features/#security
>>> does this for you (combined with a digitalocean server)
>>>
>>
>> Please try not to worry too much about the details of different services.
>>
>> I have no doubt Linode will be a more than adequate platform. And I say
>> this as someone with quite a bit of real-world experience running and
>> managing mission-critical Linux servers.
>>
>> It is good to document operational practices including security practices,
>> and I'll bet David and whoever helps him will be glad to do that. Norm made
>> a good start toward that.
>>
>> About OS upgrades, Linode has a pretty slick system for upgrading your
>> kernel. You just select your new kernel from a list in their web interface
>> and ask it to reboot your server. The Linux package managers do a great job
>> making it easy to update installed packages.
>>
>> -Cris
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Metamath" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/metamath/c4f114b0-5a22-4e80-8b03-f6bbf384a489n%40googlegroups.com.
