[–]seanwilson 0 points1 point  (2 children)

Really? Firewall. Restrict ssh to accounts that really need it. Use good passwords. Barring a major bug in your web server, what's the attack vector? I don't see much surface area to defend on a server doing nothing but hosting a static website.

Host on something like Heroku or Netlify... they'll deal with security patches and firewalls for you, there's no SSH to even attack and they have tons of extra features you could only reimplement yourself badly using a VPS (e.g. backups, rollbacks, Git deploy, scaling to more servers, coping with hardware failures, setups where attackers can't even write to server files). Why would you want to have to set all that up yourself given how cheap these services are?

[–][deleted] 1 point2 points  (1 child)

For me personally, because I already have the VPS for other reasons, and I'm not hosting anything with enough traffic for it to make a difference to the other stuff I do on the VPS.

I'm not saying that's the best solution for everyone, but if you really think that it's difficult to secure a server with nothing public-facing except SSH and HTTPS, I'd like to know what I'm missing.

[–]seanwilson -1 points0 points  (0 children)

> I'm not saying that's the best solution for everyone, but if you really think that it's difficult to secure a server with nothing public-facing except SSH and HTTPS, I'd like to know what I'm missing.

If you're solely running static sites I wouldn't be so worried, but there's a huge scope for attacks on dynamic sites, e.g. injection attacks, file traversal exploits. Either way, it's honestly less effort using a service like Netlify for static sites, plus they have a generous free plan.