Minimalism Is a Good Approach to Security

Posted in #ysrv, 2 years ago

I heard on the news today that Israel had just suffered a barrage of cyberattacks which took down several government web sites. I think that data security is likely to become a major issue in this age of escalating international conflict, so I figure that a post on web site security would be in order.

I really don't know how to create images for abstract concepts, so I just took a snapshot of the inside of a computer for this post:

computer.jpg

In my last post I mentioned that I was going to create a website from scratch using Rust.

I ordered my new VPS earlier today. I ordered an SSD server from VPS.net which costs $5 a month. I went with VPS.net simply because I already have an account with the group.

If I were starting from scratch, I think I would use DigitalOcean. DigitalOcean appears to be a bit more focused on the technology.

I started my account with a local company called WestHost back in the early 2000s. A British firm called UK2Group acquired WestHost for its expansion into the US. UK2Group began offering Virtual Private Servers on VPS.net. I think they were ahead of the game when they came to market.

The UK2Group was acquired by The HUT Group run by a Justin Sun clone named Matt Moulding. Matt Moulding built a little web site empire. It appears that he is more interested in his little empire than the technology.

People who engage in business need to be aware of the dangers posed by both the technology and business relations. The HUT Group trades on the London Stock Exchange with the symbol THG. THG, pronounced "thug", is one of the worst ticker symbols I've seen for a while.

Any group that has physical access to a machine can do things that compromise the security of the machine. Web hosting firms have been known to do negative things to their customers.

I still believe that these virtual machines are more secure than the shared hosting plans offered by discount web hosts.

Configuring the Machine

I've looked at my web log. My websites are under constant attack.

There have been several billion attempts to log in to the server as root. My guess is that there are programs that test large databases of breached passwords against the root login.

I notice my servers are subject to an unending stream of SQL injection scripts and cross-site scripting attempts.

My guess is that every server will be subject to every known vector of attack, so the first step to security is to minimize the number of vectors for attack.

I believe that minimalism is a solid approach to security, so I decided to use Debian Minimal as the OS.

The first step in setting up the system was to create a user account with a strange name and a secure password. I added the user to the sudo group and logged out.

I logged in with my new user name only to discover that Debian Minimal did not include the sudo command.

So, I logged out and logged back in as root. I ran "apt install sudo". I then logged out of root and in as my new user and used a series of sudo commands to disable the root user.

I logged out of my new user and tried logging back in as root, which failed as expected. I had closed that vector of attack.
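The post does not say which commands it used to disable root, so the following is an added example, not the author's script: it rewrites an sshd_config so root cannot log in over SSH (and password logins are off, assuming key-based access is already set up), and it counts failed root logins per source address in an sshd auth log of the kind described above. The config snippet, the log lines and their addresses are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example; not from the original post. The sample config and log
# below are constructed, with addresses from the RFC 5737 documentation ranges.
set -eu

SAMPLE_SSHD_CONFIG='# weak defaults, constructed for this example
PermitRootLogin yes
#PasswordAuthentication yes
Port 22'

SAMPLE_AUTH_LOG='Mar  3 04:12:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51544 ssh2
Mar  3 04:12:04 vps sshd[2103]: Failed password for root from 203.0.113.7 port 51560 ssh2
Mar  3 04:12:09 vps sshd[2107]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Mar  3 04:12:15 vps sshd[2110]: Failed password for root from 198.51.100.23 port 40120 ssh2
Mar  3 04:13:40 vps sshd[2122]: Accepted publickey for qx7deploy from 192.0.2.10 port 50022 ssh2'

# Rewrite an sshd_config file so that root cannot log in over SSH and
# password authentication is off. Only do the latter once a key-based
# login for the sudo user is known to work, or you lock yourself out.
harden_sshd_config() {
  local cfg="$1" tmp
  tmp="$(mktemp)"
  # sshd uses the first value it meets for a keyword, so stale copies
  # (including commented-out ones) are removed rather than merely appended after.
  grep -vE '^[[:space:]]*#?[[:space:]]*(PermitRootLogin|PasswordAuthentication)([[:space:]]|$)' "$cfg" > "$tmp" || true
  printf 'PermitRootLogin no\nPasswordAuthentication no\n' >> "$tmp"
  mv "$tmp" "$cfg"
}

# Exit status 0 if the file forbids root login over SSH, 1 otherwise.
root_login_disabled() {
  grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$1"
}

# Print "COUNT ADDRESS" lines, most frequent first, for failed root logins
# in an sshd auth log; "invalid user root" lines are counted too.
count_root_failures() {
  grep -E 'Failed password for (invalid user )?root from' "$1" \
    | sed -E 's/.* from ([0-9.]+) port.*/\1/' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}
```

Restart sshd after editing the real file, and check the Debian `Include` drop-in directory as well, since a directive there is read before the main file.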

What Should I Install Next?

If I were installing the LAMP stack, I would go through the procedures to install Apache, PHP and a database, but I have minimalism on my mind. DigitalOcean has detailed guides for installing LAMP on Ubuntu and Linux.

But I am going for minimalism.

My goal is to see if I can write a functioning web server with Rust. This suggests that my next step should be to install the Rust compiler on the server.

But do I actually need to do that? I want to do some tests in which I compile the code on my personal machine and just publish the executables on the server.

I need to run some errands. Hopefully I will have the first part of my experiment in a minimalist server up and running tomorrow.


When your contract is up for renewal you might look at privex.io.
It is run by a hivizen and supports many of the witnesses.

Privex is a little outside of my price range.

The $5 a month is prorated daily and I can quit at any time. A nice thing about VPS is that one can increase the bandwidth for short duration.

Privex uses Ubuntu. I wanted to go with Debian Minimal. Privex was optimized for Hive nodes. I simply want a straight Linux box. This is from the Privex FAQ:

The VPS-HIVE and VPS-STEEM packages are VPSes designed specifically for witnesses and seeds,

It would be fun to create a whole HIVE tribe and witness node. I've even wondered about trying to revitalize the venerable PAY token and political hive.