I try to stay out of hosting public sites unless it’s just static pages. Apache is pretty resistant to attack, but every now and then a new vulnerability is discovered. It’s difficult to keep up to date with all the latest patches, and I like being able to pay people more qualified than me to maintain something.

A few weeks ago we installed MySQL server on an older Linux server (I think it was running Fedora 5). Somebody accidentally set it up to listen on all network interfaces rather than localhost. About 11 hours later somebody overpowered the MySQL server and compromised the server. From there they launched a bunch of attacks against other networks and started spewing out spam. Our subnet was blackholed by a bunch of networks and our SMTP servers (google) were on the blacklist by several spam houses.

It took us several weeks before we had fully recovered. It was such a pain in the neck. From now on we try to rely on others to host our infrastructure.

I’m happy you hear you climbed back into Google’s index.