Mathematics and Computation

A blog about mathematics for computers

Hardware failure and phishing attacks

After more than 1300 days of uninterrupted service, the good old PC that served the blog started to spontaneously reboot every 4 minutes or so. It looks like a hardware failure. I moved the site to a temporary machine. I am seriously considering renting a private virtual server and just forgetting about buying my own hardware in the future.

On top of that I discovered that evil forces planted a phishing attack on the blog about two weeks ago. The strategy was this:

  1. Create an account on my blog (I stupidly left registration open to everyone).
  2. Elevate account privileges to administrator by exploiting a WordPress security hole (I do not know which one).
  3. Upload evil files to the upload area.
  4. Direct phishing victims to the uploaded files.

So, keep your WordPress as closed as possible.
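One concrete check for step 3 of the attack above, as an added example that is not part of the original post: walk the WordPress uploads tree and flag anything a media directory should not contain. It assumes uploads normally hold only images and PDFs, so a script or markup file, or an "image" whose bytes are really PHP or HTML, deserves a look; the sample tree it scans is constructed inline.

```python
# Added example, not from the original post: flag files in a WordPress uploads
# tree that a media directory should not contain (step 3 of the attack above).
# Assumption: uploads normally hold only images/PDFs, so script or markup files,
# or "images" whose bytes are really PHP/HTML, are worth a look.
import os
import tempfile

SCRIPT_EXTS = {".php", ".phtml", ".html", ".htm", ".js", ".svg"}  # svg may carry script
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}
SUSPICIOUS_PREFIXES = (b"<?php", b"<html", b"<!doctype", b"<script")

def classify(path):
    """Return a reason string if the file looks out of place, else None."""
    ext = os.path.splitext(path)[1].lower()
    if ext in SCRIPT_EXTS:
        return "script/markup extension in uploads"
    with open(path, "rb") as f:
        head = f.read(64).lstrip().lower()
    if ext in MEDIA_EXTS and head.startswith(SUSPICIOUS_PREFIXES):
        return "media extension but PHP/HTML content"
    return None

def scan_uploads(root):
    """Walk root and return {relative_path: reason} for suspicious files."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def build_sample_uploads():
    """Constructed sample tree: one genuine image, two planted files."""
    root = tempfile.mkdtemp(prefix="wp-uploads-")
    d = os.path.join(root, "2010", "05")
    os.makedirs(d)
    with open(os.path.join(d, "photo.png"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)       # real PNG header
    with open(os.path.join(d, "login.html"), "wb") as f:
        f.write(b"<html><body>Enter your password</body></html>")  # planted page
    with open(os.path.join(d, "cat.jpg"), "wb") as f:
        f.write(b"<?php echo 'hi'; ?>")                  # PHP disguised as an image
    return root

if __name__ == "__main__":
    for rel, why in sorted(scan_uploads(build_sample_uploads()).items()):
        print(f"{rel}: {why}")
```

Run it against the real wp-content/uploads directory instead of the sample tree; a clean site should report nothing.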

Comments

I retired my blog-hosting linux box when I realized I could get two years of hosting services for less than the cost of the electricity to keep the machine running (even without a monitor). Now someone else has to worry about patches. The hosting provider (coupons here) even provides SSH access on request.

Can you make a quick calculation that shows the cost of electricity is higher than hosting costs? I need a virtual private server because I want to run some special weird software (i.e., not just Wordpress but also custom executables).

The other worry I have is that a traffic cap might get in the way. For example, for around $25 I can get a virtual private server whose outbound traffic cap is 225GB/month. I have no idea whether my server delivers more traffic than that. I suspect the blog does not, but the random art site might. Also, I would use the server as a subversion repository, that's more traffic. And if I want remote backups, that's even more traffic (rsync goes both ways).

Jason

I was quite reluctant to go with a virtual server. Finally I was faced with hardware failure and I was in a pinch. Linode had a deal where you could try it for X days for free. I haven't looked back. The only drawback I see with linode is that the amount of ram is small and the swap memory is so slow that a 5 minute CPU job could take an hour if it's thrashing. It hasn't been a show stopper though.

As for bandwidth, that 225GB/month is more than 1/2 a gig / day, right? That's actually quite a bit of traffic for most sites. Most likely that'd be more than enough.

As for cost, I think it's been cheaper overall and I have greater peace of mind. I spend less time working on or worrying about my server now. To me that's worth it.

And last but not least, Wordpress, where to begin... It's useful, but it appears to be quite exploitable due to the nature of php. I've stopped using it but I haven't looked for a replacement yet. I'm considering moving to one of the blog sites.

How to comment on this blog: At present comments are disabled because the relevant script died. If you comment on this post on Mastodon and mention andrejbauer@mathstodon.xyz, I will gladly respond. You are also welcome to contact me directly.