
Keeping a Web Site Safe and Available With or Without a CDN

Filed under: Site News

The site Tux Machines has been online for over 15 years and has not suffered a security-related incident. The same is true of Techrights, which soon turns 13. Tux Machines runs on Gallery and Drupal, whereas Techrights runs MediaWiki, WordPress and Drupal; WordPress is its most important component, holding over 26,000 posts, and Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN, as a reasonably powerful server copes with the load on its own. For security we follow best practices and patch critical issues promptly. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist, blogger or administrator into a trap):

1) capacity-based, e.g. a DDOS attack that exhausts bandwidth or server resources;

2) exploiting vulnerabilities, either to degrade or compromise the site's quality of service (related to (1) above but not the same), to access confidential site data, or to spy on people (writers, staff, visitors) without their being aware.

WordPress powers a large share of the Web, maybe 20% (or more) of today's sites. It is regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it may make sense to apply patches manually, which allows quality control and patch assessment and reduces the risk of an unnoticed incident). It is also important to keep the underlying operating system and pertinent packages up to date: PHP (the language WordPress and Drupal are written in), the database (both typically use MariaDB or MySQL; Drupal also supports PostgreSQL natively, whereas WordPress core only supports MySQL and MariaDB, so PostgreSQL there means a third-party compatibility layer) and the Web server (Apache, or a simpler alternative such as NGINX).

If everything is kept up to date, and moreover we don't install WordPress extensions (plugins and themes) that cannot be trusted or are no longer maintained, or scarcely maintained, we should be OK. Unmaintained extensions are the usual way vulnerabilities get into an otherwise patched site, because a fix that is never released cannot be applied. The social engineering part involves things such as phishing, e.g. someone sending out an E-mail in an attempt to obtain the passwords of privileged users; the damage a stolen password can do is limited by giving administrator rights to as few accounts as possible.
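As an added illustration (not Tux Machines' or WordPress's own tooling), here is a small POSIX shell audit of the hygiene points above on a WordPress tree: it reads the installed core version from wp-includes/version.php, flags plugins whose readme.txt "Tested up to:" header lags the installed core by a configurable number of X.Y releases (or that have no readme at all, or a non-version value such as "trunk"), and warns when wp-config.php does not set DISALLOW_FILE_EDIT, the constant that removes the dashboard's built-in theme/plugin editor and so limits what a phished administrator account can do. The directory layout and the sample plugins are constructed in a temporary directory so the script runs offline; the default lag threshold of three releases is an assumption, as is treating a missing readme as a red flag rather than proof of neglect.

```shell
#!/bin/sh
# Added example, not code from Tux Machines or WordPress. Audits a WordPress
# install for the hygiene points in the text: installed core version, plugins
# that look unmaintained, and the DISALLOW_FILE_EDIT hardening constant.
# Assumptions (labelled): the "maintained" heuristic is the plugin's readme.txt
# "Tested up to:" header versus the installed core, measured in X.Y releases;
# the default threshold of 3 is a judgement call, not a WordPress rule.

# Installed core version, read from wp-includes/version.php ($wp_version = '5.4.2';)
wp_core_version() {
    grep '^\$wp_version' "$1/wp-includes/version.php" | sed "s/[^']*'\([^']*\)'.*/\1/"
}

# Turn "5.4.2" into 504 so that X.Y releases can be subtracted (5.4 - 4.7 = 97).
version_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 100 + $2 }'
}

# One line per suspicious plugin: "<name><TAB><reason>". $2 is the lag threshold.
stale_plugins() {
    root=$1; lag=${2:-3}
    core=$(wp_core_version "$root"); core_key=$(version_key "$core")
    for dir in "$root"/wp-content/plugins/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        if [ ! -f "$dir/readme.txt" ]; then
            printf '%s\tno readme.txt, so maintenance cannot be assessed\n' "$name"
            continue
        fi
        tested=$(grep -i '^Tested up to:' "$dir/readme.txt" | head -n 1 \
                 | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
        case "$tested" in
            ''|*[!0-9.]*)   # missing, or something like "trunk"
                printf '%s\tTested up to is missing or not a version (%s)\n' "$name" "${tested:-none}"
                continue ;;
        esac
        tested_key=$(version_key "$tested")
        if [ $((core_key - tested_key)) -ge "$lag" ]; then
            printf '%s\ttested up to %s, installed core is %s\n' "$name" "$tested" "$core"
        fi
    done
}

# Warn when wp-config.php does not disable the dashboard theme/plugin editor.
config_warnings() {
    cfg="$1/wp-config.php"
    grep -Eq "define\([[:space:]]*'DISALLOW_FILE_EDIT'[[:space:]]*,[[:space:]]*true" "$cfg" 2>/dev/null \
        || printf 'DISALLOW_FILE_EDIT is not set to true in wp-config.php\n'
}

# Constructed fixture: a fake WordPress tree in a temp dir (sample data, not a real site).
build_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-includes" "$root/wp-content/plugins/maintained-plugin" \
             "$root/wp-content/plugins/stale-gallery" "$root/wp-content/plugins/no-readme-plugin" \
             "$root/wp-content/plugins/trunk-tester"
    printf "<?php\n\$wp_version = '%s';\n" 5.4.2 > "$root/wp-includes/version.php"
    printf 'Tested up to: 5.4\nStable tag: 2.0\n' > "$root/wp-content/plugins/maintained-plugin/readme.txt"
    printf 'Tested up to: 4.7\nStable tag: 1.3\n' > "$root/wp-content/plugins/stale-gallery/readme.txt"
    printf 'Tested up to: trunk\n' > "$root/wp-content/plugins/trunk-tester/readme.txt"
    printf "<?php\ndefine('DB_NAME', 'wp');\n" > "$root/wp-config.php"
    printf '%s\n' "$root"
}

FIXTURE=$(build_fixture)
trap 'rm -rf "$FIXTURE"' EXIT
printf 'Installed core: %s\n' "$(wp_core_version "$FIXTURE")"
stale_plugins "$FIXTURE" 3
config_warnings "$FIXTURE"
```

Run against a real install by replacing the fixture path with the site's document root. A plugin flagged here is not necessarily vulnerable; it is a candidate for the manual review the text recommends before deciding whether to keep it.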

If you use a CDN for content distribution, e.g. CloudFlare, then availability is mostly down to the CDN company. WordPress generates pages on the fly (they are dynamic), but it has caching mechanisms that can be improved further with extensions; a CDN largely obviates the need for those, since it serves cached copies from its own edge. So, if the site receives 'too many' requests, the CDN can probably scale to absorb them (possibly under a more expensive protection plan). The caveat is that this only holds while the origin server answers Web requests solely to the CDN's own addresses; an attacker who learns the origin's IP address can otherwise hit it directly and bypass the CDN entirely.

I personally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition, perhaps.
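The origin-exposure caveat above is usually addressed on the origin's own firewall. As an added example (not part of the original post, and not any CDN's tooling), the POSIX shell function below reads an allowlist of the CDN's edge ranges and emits an nftables ruleset that lets ports 80 and 443 answer only to those ranges, dropping everyone else. It validates every CIDR and fails closed: a malformed or empty list produces no ruleset rather than a wrong one. IPv4 only, for brevity. In practice the list comes from the CDN's published ranges (Cloudflare publishes them at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6); the sample embedded here uses RFC 5737 documentation addresses, so nothing in it is a real edge range.

```shell
#!/bin/sh
# Added example, not part of the original post or of any CDN's tooling. Emits an
# nftables ruleset that makes the origin answer on ports 80/443 only to the CDN's
# edge ranges, so that "availability is down to the CDN" actually holds.
# Assumptions (labelled): IPv4 only; the allowlist is read from stdin, one CIDR
# per line, '#' comments allowed; the sample list below is RFC 5737 documentation
# space, not any real CDN's addresses.

# Strict IPv4 CIDR check: four octets 0-255 and a prefix length 0-32.
valid_cidr4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        {
            for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1
        }'
}

# Read the allowlist from stdin and print the ruleset. Fails closed: a malformed
# entry or an empty list yields no ruleset at all rather than a wrong one.
origin_guard_rules() {
    elems=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if ! valid_cidr4 "$line"; then
            printf 'origin_guard: malformed allowlist entry: %s\n' "$line" >&2
            return 1
        fi
        elems="${elems:+$elems, }$line"
    done
    if [ -z "$elems" ]; then
        printf 'origin_guard: empty allowlist would lock the CDN out too\n' >&2
        return 1
    fi
    cat <<EOF
table inet origin_guard {
    set cdn_v4 {
        type ipv4_addr
        flags interval
        elements = { $elems }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 80, 443 } ip saddr @cdn_v4 accept
        tcp dport { 80, 443 } drop
    }
}
EOF
}

# Constructed sample allowlist (RFC 5737 documentation ranges, not a real CDN's).
SAMPLE_CDN_LIST='# sample edge ranges
198.51.100.0/24
203.0.113.0/24   # second range
'

printf '%s' "$SAMPLE_CDN_LIST" | origin_guard_rules
```

The chain deliberately touches only the Web ports, so administrative access is unaffected, and the generated file is meant to be reviewed and then loaded with `nft -f`. Because the CDN's ranges change, the allowlist has to be refreshed on a schedule; and the rules do nothing against leaks of the origin address through DNS records or outgoing mail headers, which need to be checked separately.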
