by bognition 3898 days ago
This is a perfect example of why most people should not run their own hardware. Don't get me wrong, it's really fun to build and configure your own server and I openly encourage people to learn, but I also remind them that it's extremely difficult (for a novice) to do securely.

Additionally, connecting a misconfigured server to the internet doesn't just hurt the server owner; the entire network is affected, as you are providing another piece of hardware that malicious actors can use to execute their attacks.


I was going to say the opposite. It's awesome that we can spin up boxes and host our own servers, and on top of that, learn from our mistakes. I doubt there's a person here who's never been host to malware, spam or some other malady as a result of some of the experimentation they've done as they learned more about computer systems.
This is exactly my point. One of the major reasons that malware and malicious actors have been able to do as much as they have is because of the large number of misconfigured devices on the internet.

The internet has evolved beyond a network cobbled together by a bunch of academics and engineers -- it's a critical piece of infrastructure.

The Internet is kept running by a bunch of people who experimented in this way. If they didn't do it any more, in a couple of generations we wouldn't have any competent Internet engineers any more.
Thanks, this puts what I was trying to say in a much more concise and clear context :)
Seems like the problem is vulnerable-by-default options in software, not experimenting with it. More people have hosted malware by just running Windows than anyone has by experimenting with Apache, then fixing it and learning something useful that can now help other newbies.
I ran a machine in a colo for almost four years, public facing web server for a dedicated webapp. I managed to escape any attacks or infections, but I'm positive it was 80% of what I did and 20% that it's a low volume app that never got attention by malicious actors. And I've been in the industry for a long time, not a noob.
Everything is attacked. It's all automated, not personal.
Yup, install something like fail2ban & set up email alerts. You'll get a new notice every 5 minutes or so for the first month from all the China-based bots trying to log in via common SSH credentials.
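The detection that fail2ban automates, as an added example that is not part of the thread: a small Python function that scans sshd auth-log lines for repeated failed logins from one source within a time window (fail2ban's default sshd jail uses maxretry 5 and findtime 10 minutes) and returns the sources that cross the threshold. The log lines below are constructed samples in auth.log format, not captures from a real host, and the year passed to the parser is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH "Failed password" lines as written to /var/log/auth.log
# (syslog timestamps carry no year, so one is supplied when parsing).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log, not a capture from a real host.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 198.51.100.7 port 41022 ssh2
Mar  3 10:00:03 host sshd[1203]: Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2
Mar  3 10:00:05 host sshd[1205]: Failed password for invalid user oracle from 198.51.100.7 port 41041 ssh2
Mar  3 10:00:09 host sshd[1207]: Failed password for root from 198.51.100.7 port 41055 ssh2
Mar  3 10:00:10 host sshd[1208]: Failed password for invalid user test from 198.51.100.7 port 41060 ssh2
Mar  3 10:30:00 host sshd[1300]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 10:50:00 host sshd[1301]: Failed password for root from 192.0.2.9 port 33002 ssh2
Mar  3 11:10:00 host sshd[1302]: Failed password for root from 192.0.2.9 port 33003 ssh2
Mar  3 11:30:00 host sshd[1303]: Failed password for root from 192.0.2.9 port 33004 ssh2
Mar  3 11:50:00 host sshd[1304]: Failed password for root from 192.0.2.9 port 33005 ssh2
"""

def parse_failures(text, year=2024):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offending_sources(text, maxretry=5, findtime=600):
    """Return {ip: usernames_tried} for sources with >= maxretry failures in any findtime-second window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    offenders = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most findtime seconds.
            while (events[end][0] - events[start][0]).total_seconds() > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                offenders[ip] = sorted({u for _, u in events})
                break
    return offenders
```

`offending_sources(SAMPLE_LOG)` flags only 198.51.100.7, whose five attempts land inside ten seconds; the slow 192.0.2.9 attempts, twenty minutes apart, never fit the window and show why a low-and-slow scanner needs a longer findtime (or key-only auth) rather than a tighter maxretry.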
I run snort and from its alerts, the bots come from all around the world not all from CN. Though the CN sources are largest.
I was rather surprised when I had a week where most of the attacks came from Las Vegas and New Hampshire.
Well, true, we did get spam attacks on the app, so I wound up banning huge swaths of the world. I moved SSH to a very high port, and only ran apache, sshd, and an SMTP agent (the machine never received email; inbound was handled by GMail). Still, had someone wanted to exploit the PHP app, I'd be surprised if they couldn't find a weakness. It was custom written, but nearly a decade ago.
Elite attackers can compromise almost any target, but even they won't bother finding one-off vulnerabilities when the goal is botnet host acquisition. For that only widely deployed vulnerabilities are worth exploiting.

In practice that means you can get away with something as crazy as opening up a password-free root shell on some random high port, but you can't get away with weak SSH logins or unpatched WordPress sites.

> should not run their own hardware.

Did you mean "should not run their own dedicated server"? The article doesn't mention anything related to hardware. It could have happened with a rented dedicated server, and even within a virtual machine.

A better question would be what, presumably LAMP stack, configuration they were using.