It's a mean old world out there.

Jan 26, 2011 21:32

When I was first learning Linux and personal system administration a dozen years ago, I was taught the importance of security. However, at the time it seemed something like the importance of knowing a fire drill. We all agreed that the threat was real, but at the same time it had the air of a bogey-man story: nebulous and unlikely. And so for a

the internet, jmac.org, assholes

Comments 8

gemini6ice January 27 2011, 04:38:22 UTC
I admit I'm pretty ignorant of information security, but if the default php.ini on your OS is insecure, would changing its settings not rectify the problem?

prog January 27 2011, 05:33:22 UTC
That's my hope, yes. I didn't mean to imply that I was stuck forever; this morning I found and used a tool that scanned my PHP environment, told me how it was awful, and recommended specific fixes, which I then applied.

I'm just sad that Debian, a Linux flavor that focuses so heavily on security, would ship such an insecure configuration of one of the most popular contemporary web-development thingies.

radtea January 27 2011, 13:38:39 UTC
My hosting provider (tera-byte.com) provides turn-key virtual hosting with configurations that are secure. It's a long way from having "real" root access, but gives me sufficient tools to do the job without worrying about security (much). Near as I can tell this kind of thing is the best way to deal with the modern Web without becoming a security expert, which is indeed kinda sad.

Even back in the early 2000s when I ran my own servers most of the traffic I got was script kiddies and the like hitting on known vulnerabilities, most of which Slackware didn't have. I did get rooted once, and fairly soon after moved over to commercial hosting in part to avoid this kind of thing.

temvald January 27 2011, 15:45:07 UTC
On the one hand, that's just Debian, PHP, and maybe WordPress's fault. It's been years since it was acceptable to ship an insecure-by-default package in a Linux distribution.

On the other hand, I have to wonder how much that also has to do with the change in the computer ecosystem over the past few years. Linux used to be the free, personal, DIY way to be on the Internet. Now it's more of a professional server OS, and the free way to be online is to get a set of free-as-in-beer accounts on Gmail, Facebook, etc.

prog January 27 2011, 20:43:25 UTC
Yeah. If I just wanted to host a blog I wouldn't bother with this. My issue is that I both want and (for professional reasons) need a public-facing hacking platform.

If this fails, I'll just bust up my operations as appropriate across a little cloud of hosts, and I bet I could end up doing everything I'd like that way; I don't _need_ a root account to e.g. install and run a Catalyst-based web application. (Working with the digital library of a certain security-conscious local university has made me more proficient at this. :) ) But it would still be kind of a drag.

Infinity Car anonymous January 28 2011, 11:07:42 UTC
Not long ago I purchased a vehicle and I have no idea which automobile insurance company is really good as well as offers great discounts. Can anyone help me? Consider I'm with limited funds. Does anyone know which is a good company for my situation?

taskboy3000 January 28 2011, 17:30:00 UTC
1. "me too" x 1000

2. The comment about the car insurance is strangely supportive of JMac's original point of an Internet gone wrong.
