I’ve got a lot of dumb little things living out on the internet deployed this way, and I don’t think I’ve ever been compromised. Maybe you were just especially unlucky?
There are some things I’ve deployed without much care and yet they’re always as I left them.
I’m not saying there’s nothing to worry about. I’m just not sure it’s all that difficult with some rudimentary (but sane) security practices.
It is a common theme. Bots and others scan ports and IP ranges all the time. Looking at server logs I always see random server connections trying to get to things like wp-login.php to look for an exploit.
If you put it out there and don't actively secure it it's bound to get compromised - just a matter of when.
Maybe I'm blind to something because I've been in server administration for 15years; but my -really old- IRC network requires about 3 hours of maintenance a year; I have 10 machines and they're constantly being "attacked" (as per logs) but the only time I've ever been compromised was when I was trying to overcomplicate things with fancy tools to make administration easier
That's like saying it's outrageous that a consultant charges $xxxxx for a 5minute fix. You've said it - you've got 15years of experience in server administration. That's what people are paying for.
Having said that I never said it was "hard" - just something needs to be done. I responded to a comment that took it for granted that you'd automatically be safe on the Internet.
Yeah, it's actually crazy just how much every open address gets spammed. You freak out like why are there thousands of attempts to login to my server that I haven't advertised at all, then you Google it and find out it's just the normal state of the internet.
