[x5n1]

> there are people who are interested in flooding if you don't practice throttling and load balancing

perhaps someone is out to get you. never experienced this in my life. been running dedicated server with over a hundred installs for 2 years. sure you have script kiddies that might send a bot to try to brute force passwords. But Nginx can easily handle that load.

[gtrubetskoy]

Spammers, phishers and other criminals are _always_ out to get _everyone_. It's typically done by robots - if your VPS is insecure, it's a matter of when, not if, and when is usually sooner than you think.

[x5n1]

I meant DDOS, nobody cares enough to deny access to your little site unless there is something else which is going on. Other stuff, nothing much to worry about. Just follow best practices: use a password keeper, keep your site updated, disable comments, etc.

[gtrubetskoy]

The way that typically goes is first your VPS gets exploited somehow and used to serve illegal content, send spam or scan other hosts. Then it gets DDOS-ed by someone who doesn't like the content or attacks initiated from the VPS.