While djb is perhaps best known for writing qmail, he also wrote a web
server, publicfile. Like his other software, publicfile is simple and
robust. I use it to serve this site, among other software.
Characteristically for djb, publicfile is pretty minimal out of the box. Here
are a few patches I applied to the source to make my server faster, more
flexible, and easier to use.
A webserver is a computer, connected to the public internet, that does things
(serves pages, etc.) whenever anyone asks it to. This makes it an easy thing
to attack: the first step toward attacking a computer is usually getting it to
do your bidding, and a webserver does your bidding every time you click a link.
My system logs show that I get attacked several times a day, like (I imagine)
most computers on the Internet. Fortunately, most attacks bounce off — not
because I have some magic security-foo, but rather because the software I’m
using — specifically publicfile — doesn’t work the way the attackers
expect it to.
While I am not so naive or foolish as to say that my server is “secure” —
I’m sure it has some exploitable hole, and it runs in a distant facility that
probably forgets to lock the doors sometimes — these attacks are of mostly
academic interest.
Here’s some data I’ve collected from the past month or so of attacks. I figure
this might help someone else detect or prevent an attack in the future.