Building and Securing this blog

Hello, all 5 of you. Okay, 10.
I’m starting small, but I expect to grow. Just like my longer form writing skills.

Now let me take you through what I’ve done so far, and what I intend to work on next here on this site and in my career.

Setting Up the Server

On some advice, I started with a VPS for hosting and google to register my domain. Cheap enough even on my limited means.
Setup was simple. I chose an Ubuntu image to start, and though I would still call myself a linux novice, it was easy enough to install an Nginx server and get a Let’sEncrypt cert installed. And yes, before I even added anything for content management, before I even knew I needed PHP and SQL, I knew I wanted my site to run SSL.
It did take some struggling to get the site to reliably redirect all requests to SSL, but I did eventually figure out where I was going wrong with my server blocks. Next, I was able to follow some tutorials and get the rest of the M and P portions of my LEMP stack installed and get this WP blog installed and set up, as you can see.

Security Successes and Foibles

When I set up this server, it was my very first time doing anything with SSH. Which brings me to my first fail; I used password auth for SSH. Part of that was that I was banging out bits on lunch breaks and work breaks from many different computers and didn’t yet know how to generate keys, let alone move them from one computer to another. On the positive side, my very first commands on the server were to make a user account and give it SUDO privs. I didn’t disable root yet, but I did stop using it for the time being. I also learned that windows powershell has openSSH already installed by default, and that made working from multiple systems even easier, and taking the time to generate SSH identities for multiple systems harder.

My other greatest security fail was that I was keeping my logins and passwords in a plaintext document on a cloud service, again because I was bashing away from multiple computers. That’s been fixed now, but I’ll get to that soon enough.

While I followed guides, I did make some changes to variables given by those tutorials. I’ve changed the DB name and user away from what the guides used, and used a long random generated password to secure that user account.

Finally, after much tinkering and some time figuring out more nginx blocks, I had a blog and made a post.
Now it was time (And way past time) to get serious about my security. I downloaded keepass to have an offline password DB, used bitlocker to encrypt a flash drive to keep that database and an SSH key on, since all my workstations are windows systems. And different passwords for each. I took down that cloud based plaintext document and backups, and changed all the passwords listed there for good measure. I disabled the root account now, made sure I could SSH using the keypair I made and disabled password-based SSH auth. Still, I’d appreciate any other tips to help harden my security.

The Future Soon

I still have some changes in the works. I NEED to update my resume and post it here to make it easy to access both for prospective jobs and for people offering me help. I also want to redesign my site layout so visitors land on a different index page instead of the blog itself, but I wasn’t thinking that far ahead and I believe I’ll need to change my server configs just a little bit.

Still, I want this to help motivate me to keep learning, keep telling people what you can do. Right now, I’m working in PC repair and high performance custom system integration, but I’m building skills and learning how. How to reach out to people without being embarrassed. How to accept help and tips that are offered. How to motivate myself when I don’t want to do anything. And of course, How to do the work. How to use powershell, bash, utilities, logs.

I can’t wait. Like JoCo said, “It’s gonna be the future soon. I won’t always be this way.”

One thought on “Building and Securing this blog

Leave a Reply

Your email address will not be published. Required fields are marked *