Language Selection

English French German Italian Portuguese Spanish

Keeping a Web Site Safe and Available With or Without a CDN

Filed under
Site News


THE site Tux Machines is and has been online for over 15 years. It has not suffered security-related incidents. The same is true for Techrights, which soon turns 13. Tux Machines uses Gallery and Drupal, whereas Techrights uses MediaWiki, WordPress and Drupal. WordPress is its most important component as it contains over 26,000 posts. Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN as we have a reasonably powerful server that can cope with the load on its own. For security we use best practices and keep critical issues plugged. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist/blogger/administrator into a trap):

1) capacity-based, e.g. DDOS attack

2) exploiting vulnerabilities to degrade/compromise site's quality of service (similar to (1) above but not the same), access site data (confidential), spy on people (writers/staff/visitors) without them being aware.

WordPress runs lots of stuff and powers a lot of the Web, maybe 20% (or more) of today's Web sites. It's regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it might make sense to apply patches manually to reduce risk of unnoticed incidents and enable quality control, patch assessment etc). It's also important to keep the underlying operating system and pertinent packages like PHP (programming language), mysql/psql (WordPress and Drupal typically use MariaDB or MySQL as the database, but PostgreSQL should be possible too) and Apache (there are simpler alternatives e.g. NGINX for Web server) up to date.

If we get to keep everything up to date, and moreover we don't install WordPress extensions that cannot be trusted or are no longer maintained (or scarcely maintained), we should be OK. The social engineering part involves stuff such as phishing, e.g. someone sending out an E-mail in an attempt to obtain passwords of privileged users.

If you use a CDN for content distribution, e.g. CloudFlare, then availability will be mostly down to the CDN company. WordPress generates pages on the fly (dynamic), but it has caching mechanisms that can be further improved with extensions. The CDN likely obviates the need for those. So, if the site is receiving 'too many' requests, the CDN can probably scale to deal with that (maybe a more expensive protection plan).

I peronsally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition perhaps.

More in Tux Machines

Experience Collabora Online on your Intel NUC with Nextcloud and Ubuntu

Keeping full control over your personal data and documents, is more and more important. Sharing by email or via the services of big tech companies is losing its shine, for obvious reasons. To help our users we introduce a new fresh Nextcloud Ubuntu Appliance for the Intel NUC, that comes with Collabora Online. Simply take an Intel NUC server, install the Ubuntu Appliance and take back control over storing and sharing your personal data and files with Nextcloud. Next, of course, you want to read and edit your documents, now stored on your own server, wherever you are. Naturally you will be able to allow others to review and comment on text, presentations, charts and more, perhaps during a video call or chat. All this under your own control! The new Ubuntu Appliance with Collabora Online and Nextcloud offers you just that – and more too. Do read these articles about the Ubuntu Appliance and the Nextcloud features. Now, let’s have a look at Collabora Online and some of the great features that you will benefit from. Read more

Kubuntu Linux 20.04 for a digital painting workstation: Reasons and Install guide.

Wooo, summer... Hot weather and a quick computer reinstall right in the middle of the production of the books because my previous Kubuntu 19.10 was obsolete and reached end of life in July. Bad surprise for me this time in the process: no way to install Scribus 1.4.8 stable anymore and all my books are done with that. The package was savagely forced replaced by 1.5.5~Development and no way to reinstall the previous version flagged as stable by the Scribus team. So, I'll have to move the book project to this development version (it will take hours of adaptation because the text-engine changed between 1.4x and 1.5x). If you are on Windows, Mac, 18.04 or CentOS no worry for you: the package still exists there. Sad to see that no Appimage, Flatpack or Snap are around to rescue this issue... But let's close for now this parenthesis with a taste of bitterness. I'll cope with that, I saw uglier situations of upgrade in my life and this Kubuntu 20.04 is −about all other aspect− a splendid distribution so far. Read more

The GNU C Library version 2.32 is now available

The GNU C Library version 2.32 is now available. The GNU C Library is used as *the* C library in the GNU system and in GNU/Linux systems, as well as many other systems that use Linux as the kernel. The GNU C Library is primarily designed to be a portable and high performance C library. It follows all relevant standards including ISO C11 and POSIX.1-2017. It is also internationalized and has one of the most complete internationalization interfaces known. Read more

Identifying Operating Systems in GNOME Boxes

One secret sauce of GNOME Boxes is libosinfo. It basically is an umbrella for three components: libosinfo, osinfo-db-tools, and osinfo-db. libosinfo offers programmatic means to query for information about OSes. osinfo-db-tools is a set of tools that help manipulate and extract information from OS images (such as ISO files). osinfo-db is a database of operating system information describing requirements for virtualized installations as well as virtual drivers and devices that work with each OS in the database. Read more