Sadly, it shows.
So a good friend of mine is getting her business onto a dedicated website, rather than some WordPress.com thing. Eager to get a charity project into my portfolio, I volunteered to make the website for her. She’s renting a VPS from another friend of hers, which gets delivered as just a bare-bones Ubuntu server, so a lot of things still needed to be set up. Long story short, I may have ended up becoming her (remote) sysadmin as well?
But that’s not something I specialize in. Hell, I’ve never even set up a webserver before. But there’s plenty of instructions online, and I’m comfortable with Unix, so how hard can it really be? Not all that hard, if you leave all the security stuff out of the picture. And that’s where I made my mistake, because I was under the impression I knew a thing or two about security best practices.
And I did! But I didn’t know the full story, which caused me to make the system more vulnerable in the end. Not in a “this is a big deal” kind of way, nothing leaked or broke, but we did have an additional attack vector for a second. But I learned about that, corrected for it, and patched some other things up as well, and now I’m just a little bit wiser!
Heh, this is going to be a fun ride when I get a server of my own.