Reading through this made me nod more often than I probably should:

A key reason for the continued effectiveness of DDoS attacks lies in organizational structures. Systems are often put into operation under time pressure, as temporary solutions or pilot projects. Security aspects take a back seat as long as functionality is guaranteed. Such temporary installations are rarely dismantled or revised if they remain inconspicuous in everyday use. Over the years, this results in unsupervised components that are neither monitored nor updated.

igorslab.de/en/30-years-of-ddo…

As I'm running various pieces of infrastructure on my own, I also happen to then and now see which software does connect to my environments. And as I'm interested in this kind of stuff, I then and now tend to listen to podcasts or read through articles dealing with self-hosting of more or less complex pieces of infrastructure, most of them just all too often boiling down to the idea that it's all "trivial" and "just" takes will and a bit of dedication to do it - and even in some of these podcasts once in a while I'm negatively impressed to hear how little real experience in managing infrastructure is shining through and how much of this is more or less happy-path about initially installing a piece of software on a VPS or a shared hoster. And then I'm painfully reminded of the early 2000s and trying to keep our corporate mail server and other pieces of infrastructure safe from numerous more or less distributed DoS attacks mostly conducted by poorly maintained, unpatched, vulnerable installations of typo3, wordpress and similar pieces of software one "just" used to install at some point and left at this state for a random amount of time. This feels quite concerning, over and over again.

#linkdump #technology #selfhosting #complexity