I decided to move this blog to Oracle Cloud. I am very satisfied wth my current hosting provider and I plan to maintain my VPS there, but I also have good reasons to move.
Constant learning
I am always trying to learn new things, and develop more skills. Back in April I found some time to setup an Oracle Cloud free account.
The solution provides two virtual machines, two databases, a load balancer and other goodies, and that is an excellent test environment. So, in the spirit of constant learning, I decided to use all these services and get accustomed to the Oracle Cloud. Obviously, although the free tier is probably a great environment for a tiny blog like this one, it is far from adequate (size - wise) for any service in production.
Hobbies, hobbies
One of my hobbies is development. I am not a developer, and last time I developed something for "production use" was in 2006. Still, I like writing code. I developed the new blog in Mojolicious with an Oracle DB backend. That is a complete rewrite of the old one which was Blosxom with several plugins, some of them written by me. Surprisingly, the new site is much much faster than the old one; despite the fact that Blosxom used text files and the new one uses a cloud DB. The new server is also of lower specs, so this is probably not the problem. But getting rid of Apache and CGI, moving to the fast Mojolicious and hypnotoad made a huge difference.
Experimentation
I set up my blog in March of 2017. I saw the first targeted attack in 2020. Up until then, there were 20-30 attacks every day, and none of them would target Blosxom. Many of them target Wordpress, several of them target some ecommerce platforms, routers etc. I strongly believe (based on my over 15 years of experience in security, in several companies) that most companies are not compromised yet, just out of luck. Nobody targeted them, and if one had targeted them, they would go down very easily. I have setup security monitoring in the new servers, and since my coding skills are probably bad, I expect this blog to be compromised. I want to see if this will happen out of random attacks on mojolicious, or by someone trying to, indeed, compromise my code / servers now that I make all details public.
Work in progress
The new blog is work in progress. I removed all interactions such as search and comments. This functionality expands significantly the attack surface, so I need to be very careful. The functionality may come back, alongside some other things that I'm planning, but not any time soon.