[londons_explore]

Pretty hard to own a VPS which has no external ports open, even if the software on it is years out of date. In fact, updating software is probably a bigger security risk than not doing so, because you never know when someone manages to package a malicious bit of code into a common debian package.

Also, if it did get owned, I'd just have to spend a few hours rebuilding it - no bitcoin wallets or anything to steal on there.

[antsar]

Fair point about updates being a mixed bag. But “no ports open” doesn’t always mean safe. Maybe someone can pass some evil bits inside transaction metadata? (Disclaimer: no idea what I’m talking about w/r/t transactions, or how much parsing you’re doing)

[BubRoss]

If that were possible it would be exploited on every instance of the insecure software. Luckily what you are saying is far fetched. Why is it that you think a VPS is some fragile thing that is sure to be exploited? There are literally millions of instances chugging away, serving up files. Let's use our best judgement.