Remix.run Logo
neogodless 19 hours ago

shrug

In 25 years of hosting a dozen domain names on a server on my home connection, this problem has not surfaced for me.

bayindirh 19 hours ago | parent | next [-]

In 20 years of managing server fleets, I always had the pleasure of watching bots taking a dig at my server(s) the moment I give their public IPs and enable their interfaces.

For someone who knows what they are doing, it's more like mosquito noise, a mere nuisance, but even then, using a rock solid system with all updates installed carries the risk of having a zero-day.

If your server is networked to the rest of the house, and if somebody manages to get in, then it's all fun(!).

wolvoleo 18 hours ago | parent | prev | next [-]

One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something.

Especially if you host something like wordpress with plugins you really have to be on the ball with updates.

superkuh 15 hours ago | parent [-]

For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there.

That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories.

wolvoleo 15 hours ago | parent [-]

Ok fair enough yes a static site is really low risk. Usually it's more involved than that though.

zikduruqe 17 hours ago | parent | prev [-]

Yep, same here. fail2ban and some http 444 helps out.