Remix.run Logo
wolvoleo 18 hours ago

One time has to be the first and when you get hacked they're instantly inside your network unless you were smart enough to set up a DMZ or something.

Especially if you host something like wordpress with plugins you really have to be on the ball with updates.

superkuh 15 hours ago | parent [-]

For 20 years this was not really an issue. From 2010 to 2020 there wasn't a single nginx cve that applied to my simple static setup. There were literally only a handful of remote CVE at all. With the advent of LLM AI exploit finding there have been 2 CVE this year that I had to look in to. Neither actually applied to me, but it is a different world out there.

That said, the practice of running a modern corporate web browser that auto-executes all programs sent to it from arbitrary unknown third parties is a way, way, way bigger and more common and likely attack surface than a simple static webserver serving files in directories.

wolvoleo 15 hours ago | parent [-]

Ok fair enough yes a static site is really low risk. Usually it's more involved than that though.