It's a mean old world out there.

Jan 26, 2011 21:32

When I was first learning Linux and personal system administration a dozen years ago, I was taught the importance of security. However, at the time it seemed something like the importance of knowing a fire drill. We all agreed that the threat was real, but at the same time it had the air of a bogey-man story: nebulous and unlikely. And so for a long time I ran my public servers -- jmac.org and its related interests -- without thinking about any of that stuff too hard. I always used solid passwords, just as I always lock my front door behind me, and I left it at that.

I think the world's changed since then. As far as I can tell, it's the case now that all computers visible to the public internet are under constant attack. If your machine has a public IP address, then I can guarantee you that throughout the day, it's getting continually peppered with network traffic from across the globe whose only purpose is probing it for security flaws. Imagine that every time you approach your home or your car, you have to elbow your way through a thin but inevitable crowd of characters tapping at the doors and windows, looking for a crack they can jimmy open and slip through. As far as I can tell, that's how it is now with every computer on the internet. Every single one, at all times.

This traffic is entirely malicious, though it probably doesn't give a shit about you or your data; it just wants to steal your computing resources to further its own ends. It might be the stereotypical maladjusted nerd-boy building a botnet to vanquish his foes in Black Ops by crushing their Xboxes under a network-traffic firehose. My understanding, though, is that it's increasingly likely to be the undertaking of organized criminals, tending to the always-lucrative SEO spam-generation market. Or, geez, at this point I fully expect that several governments and NGOs are playing, too, creating weaponized networks of 0wned personal computers for god knows what, heedless of what country they actually reside in.

I write all this because I've been having some frustrating issues with my own server over the last couple of months. There's a particular, very popular web technology I'd like to use[1], but literally within minutes of my installing the software in question I find my machine enthralled, running scripts by some teenager to knock over a rival's IRC server, or by some 21st-century entrepreneur to smear viagra ads all over someone else's blog. Removing the software would make this stop; re-installing it would re-zombify the server, but in an entirely new way and from a wholly different aggressor. Only today did I start making inroads on why this was happening[2], and I knock on wood that I have actually fixed it for now.

The machine has already been fully compromised once, just last summer; I had to move everything to a new server. It took a long time and I lost stuff in the process, as one always loses things during a move. With the help of friends wiser than I about such things, I set up the new server to be harder to attack than the last one. And still the orcs come, and still I worry that they might have breached the walls yet again.

I don't know what I'll do if they did. I don't want to have to set aside two weekends or more every year to rebuild the machine for the Nth time, just so it can be swamped by agents of the pharmaceutical-selling mafiosos du jour.

Maybe running a personal Linux server just isn't a good idea any more. If so, I literally don't know what I ought to do instead. I expect that there is an answer, and I expect that it would involve giving up a lot of the freedom that I enjoy from running my own Linux server with my own root account. And that would make me awfully sad.

[1] WordPress, and hence PHP.

[2] The default php.ini file that Debian installs is surprisingly insecure, to the point that it even states at the top of the file that it's too insecure to run in a production environment. Yes, I am deserving of your penguin-waving scorn for installing software without total awareness of every effect it would have on my machine's security, sure. I'm still surprised and disappointed that Debian, of all organizations, would take this stance.

the internet, jmac.org, assholes
