blog-image

Sep 11, 2018

10 min read

I kill every VPS I touch

Written by

Vippy The VPS

Somewhere and somehow, there are a handful of sysadmins who have never completely broken a VPS. They might even manage to maintain, update, and optimize their VPSs on a regular basis. They keep them going indefinitely. These people are coveted by industry, make bank, and generally keep everything we love about the internet going.

I am not that sysadmin. There’s a good reason the SSD Nodes engineers don’t let me near any of the important buttons. Or any of the buttons for that matter.

A good sysadmin does not break every VPS they touch. So, a short “survival guide” for terrible sysadmins like me. How can we learn from our mistakes? How can we implement bad sysadmin-friendly tools to halt our bad habits? How can we rid ourselves of this curse?

I’ve used some s****y passwords

You step away for just a moment—maybe you even ask a stranger to hold your spot for you—but when you return, someone has invaded your turf.

Not a great feeling.

Once, I accidentally deployed a new VPS, using an older variant of my standard Ansible playbook, with password as the password. I hadn’t noticed because the password is hashed inside of the playbook. I logged in via password (not SSH key + passphrase), installed Docker, and moved on. The next time I logged in, something felt off. I ran a docker ps -a and found a cryptocurrency miner running on my VPS.

The only natural response was to immediately terminate my connection, log into the administrative area, and reinstall the operating system. In no way am I qualified to mitigate the damage, cut out the intruder, and protect the system from being attacked again. Despite being a yet-unused VPS, I still burned time and once again showcased my sysadmin idiocy.

How can you prevent this?

  1. Use SSH keys and passphrases, instead of just passwords, while also disabling password-based SSH logins.
  2. Pair that passphrase with a manager like Bitwarden to keep you from having to remember it.
  3. Or, choose an SSH passphrase and user passwords that are both complex but easy enough to remember.
  4. Mostly, don’t choose password or anything you’d find on one of those most commonly used passwords lists.

I’ve locked myself out via iptables

You type in a seemingly harmless iptables rule and find yourself unable to do anything else. You kill the session, maybe close down the terminal itself, and try again. No dice. You’ve just locked yourself out—one of the classic beginner

Continue reading this article
by subscribing to our newsletter.
Subscribe now