[kqr]

But "broken your blog" could mean "shell access to your blog server" -- is there no risk of illegal activities happening on that server that put the owner at risk? Like, I don't know, drug trade or child porn or whatever?

[simonw]

Anecdotally, I can't remember ever hearing about someone getting in real trouble because their server got popped and someone else used it for crime.

[speakspokespok]

Philosophically: L'État, c'est moi, build your crappy cgi scripts with nginx or apache all from the CLI and all in vim and you will understand.

Practically: Ports 22, 80, and 443 open and directly accessible from 0.0.0.0/0 is extremely manageable.

[rdevsrex]

Why would anyone today leave port 80 open? I do https by default even for my blog.

[alyandon]

For me personally it's just old configs I have that redirect from port 80 to 443. You're right though - probably unnecessary in this day and age.