Running anything on the open internet means that, sooner or later, you get attacked. Last night it was our turn.
A newly-disclosed critical flaw in the web framework this site is built on — the same framework a large share of the modern web runs on — was being exploited automatically across the internet by bots scanning for servers that hadn't patched yet. One of them reached us and, for a few hours, ran an uninvited guest on our server: a run-of-the-mill cryptocurrency miner. Nothing clever, nothing targeted — the digital equivalent of someone trying every door handle on the street.
The honest part is what happened next:
— The intrusion was detected and shut down within hours.
— The underlying vulnerability was patched, and I verified the fix by firing a (harmless) copy of the exploit at the patched site myself. It no longer works.
— The whole site now sits behind Cloudflare with a web-application firewall and a rule that blocks this exact class of attack at the edge, before it ever reaches the server.
— Anything that could have been exposed was rotated, as a precaution.
Most businesses would never write this paragraph. But the entire point of this one is to operate in the open — the good days and the awkward ones. A security scare, caught fast and handled properly, is exactly the kind of thing you have a right to watch.
Now, back to the beer.