Oddbean new post about | logout
Little Mikey D | 4 months ago (raw) | root | parent | reply | flag +1 
 Unattended upgrades? iptables? ssh config lockdown?

I used to manage nearly a thousand websites running mostly on PHP and using parallels plesk. I grew to hate plesk. It doesn't respect system services, it overwrites them. It takes ownership of everything and forces you to do everything through plesk... and then fails to support everything you want to do.
nobody | 4 months ago (raw) | root | parent | reply | flag +1 
 Haven’t had any issues so far. I don’t like unattended upgrades, so I won’t be doing that. The reminder to check SSH configs is a good one though. I did set up 2FA for web login, etc and set the firewall up. 

Backups. I need to get automatic backups going. 😬
Little Mikey D | 4 months ago (raw) | root | parent | reply | flag 
 We had customers who got cryptolockered and they encrypted the backups as well as the main system.  So do something to prevent that.
nobody | 4 months ago (raw) | root | parent | reply | flag 
 Hmm. I was looking at an extension to dump backups to S3 compatible storage. I should be able to set up some sort of immutability depending on the vendor I think? 🤔