Monthly Archives: June 2015

While I’ve been happy with my previous hosting (I was using a 256mb VPS on buyvm with offloaded sql), I’ve also been running a few other services for my own use on a VM a friend let me use on his dedi. I was holding out for something reasonably cheap (I’m paying about 16 euros, or 30 sgd for this right now), and not too shitty.

I’ve got an 8 core avato, 8gb of ram, and a 1tb hdd, and paid another 2 euros a month for another IP. This blog (and a few other services) will be running on the VM, while I’m keeping the physical box for a few other things. This should let me do quick reboots of the VM box if need be, and easier backups and moves in future. I’ve got other plans for the rest of the server.

This is pretty neat.

This blog was offline for a few weeks

I had my account suspended, my blog down, and an entirely warranted, and slightly annoyed, email from my VPS host threatening to shut down my service if this happened again… because I was too lazy to set up key based authentication.

I always figured a reasonably strong, alphanumeric password was enough, and Linux was reasonably safe from viruses. An attacker would need to somehow know my password to get in (and yeah, I REALLY should have known better), and keeping my software minimal and up to date was good enough.

Turns out I got hit by the XOR.DDoS trojan. Lovely. It brute forced my password, injected a rootkit, and used my little, carefully built VPS to DDoS others. On one hand, I should have known better. I’ve set up good key based authentication and am pondering port knocking.

Victim blaming rarely helps, but there’s a few places where I really messed up.

Passwords aren’t good enough. I actually may redo my key based auth setup with stronger keys than what I have now. It’s a pain remembering to have my keys, so I need to create device specific keys, and a backup one on a USB drive or something. Key based auth is *easy*. There’s tons of good tutorials out there, and it takes less than 5 minutes.
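As an added illustration of the key-based-auth point (this is not code from the original post): a small POSIX shell audit that reports whether an sshd_config actually disables password logins and locks root out of password auth. It assumes OpenSSH's rule that the first non-comment occurrence of a keyword wins and that PasswordAuthentication defaults to "yes" when absent; the two config files are constructed samples.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings that would have
# stopped a password brute-force. Assumption: OpenSSH semantics, where the
# first non-comment occurrence of a keyword wins and a missing
# PasswordAuthentication keyword means "yes".

# sshd_setting FILE KEYWORD DEFAULT -> prints the effective value (lowercased)
sshd_setting() {
    file=$1; key=$2; default=$3
    # Stop at the first Match block: directives after it are conditional.
    val=$(awk -v k="$key" '
        tolower($1) == "match" { exit }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# sshd_password_auth_disabled FILE -> exit 0 if password logins are off
sshd_password_auth_disabled() {
    [ "$(sshd_setting "$1" PasswordAuthentication yes)" = "no" ]
}

# sshd_root_login_locked FILE -> exit 0 if root cannot log in with a password
sshd_root_login_locked() {
    case "$(sshd_setting "$1" PermitRootLogin yes)" in
        no|prohibit-password|without-password) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configs: a default-ish one and a hardened one.
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
Port 22
#PasswordAuthentication no   <- commented out, so the default (yes) applies
PermitRootLogin yes
EOF
cat > "$HARD_CONF" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
EOF

for f in "$WEAK_CONF" "$HARD_CONF"; do
    if sshd_password_auth_disabled "$f" && sshd_root_login_locked "$f"; then
        echo "$f: key-only logins, root locked down"
    else
        echo "$f: password logins still possible, brute-forceable"
    fi
done
```

Run it against /etc/ssh/sshd_config on a real box to get the same verdict for that host.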

I didn’t have real backups – my db is elsewhere and in theory (and practice!) I could easily rebuild my wordpress instance quickly. However, if that install *had* been compromised, well… I’d be in trouble. Still looking for a good solution there. Pondering a periodic scripted tarball of my /var/www and/or something WP specific.

My VPS was running *too* well. I’d probably have noticed if I was paying attention to it. I need to log in and look for *obvious* things like high processor usage. I noticed this when I’d logged in to get my WP install out. In short, I need to *proactively* check on this, and not just run apt-get update every so often.

Some people suck. Seriously. However, a little patience means that they can’t ruin your day by turning your system into one of the sources of a DDoS attack 😉