VPS exploited

One of my Debian 12 virtual private servers was exploited and given the time of year, I didn’t even find out until weeks later. I have since re-rolled that VPS with NixOS and a pretty solid configuration that I’m fairly happy with.

But the best is yet to come…

I have others, and they run similar software. I want to re-stage this one, for example. It has a lot more services and a lot more users, so it's going to take a lot more offline testing of the new setup I'll be rolling out. I've been downloading regular backups, and I've started experimenting with the software I plan to run, using those backups to get things into a nice, easy (and hopefully quick) transitionable state.

Mostly, this entails creating a nix configuration I think will work, learning the bits and pieces that will make it actually work, and then pointing it at my backups to load up data and perform ad-hoc testing. There are quite a few pieces of software that I need to test out, so it’s been a multi-day process. I’ve learned about the ACME protocol lately to make it easier to automate certificate generation and signing.

And this is where the fun part comes in…

I need to swap out a VPS that is running and using one domain name with a new OS on the same VPS instance using the same domain name. But I want to make sure certificate generation and all my planned services are working before the swap, without taking the VPS offline. And I'm behind a commercial-grade NAT with no routable IP address. I wanted to make sure software like Jabber clients will work with my Prosody instance on the new server, and I can't have both of them up and running with the same name at the same time.

So I bought a new domain. I planned on running the server from the same system I was testing it on, but it would still need to make use of DNS, be able to reach Let's Encrypt, and be able to run Prosody with the new server name so client and server would be happy with the certificates, DNS ownership, etc. I.e. it wasn't good enough to just add an entry to the /etc/hosts file.

Here’s the best part…

So I bought a domain name and pointed it at 127.0.0.1. I purchased comehack.me, and if you ping it (or dig or nslookup it, or whatever), it will, indeed, resolve to 127.0.0.1.
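Here is an added example, not from the original post, of the two checks I'd want before trusting a staging setup like this: that the name really resolves only to loopback (so every client on the test box ends up talking to the local service), and that the certificate the local service presents actually covers that name. The resolver output and certificate dict below are constructed samples in the shape Python's `socket.getaddrinfo` and `ssl.SSLSocket.getpeercert()` return; the hostname, port and function names are assumptions for illustration, and the live lookups in `main` need network access.

```python
import ipaddress
import socket
import ssl
from typing import Callable, Iterable

# Constructed sample resolver output (assumption: the domain described in the post,
# pointed at loopback).
SAMPLE_LOOKUP = {"comehack.me": ["127.0.0.1"]}

# Constructed sample of the dict ssl.SSLSocket.getpeercert() returns, trimmed to the
# fields used below. This is not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "comehack.me"),),),
    "subjectAltName": (("DNS", "comehack.me"), ("DNS", "conference.comehack.me")),
}


def loopback_only(addresses: Iterable[str]) -> bool:
    """True if there is at least one address and all of them are loopback
    (127.0.0.0/8 or ::1). A stray public address here means some clients on
    the test box would reach the *old* production server instead."""
    addrs = list(addresses)
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)


def resolve(hostname: str) -> list[str]:
    """Resolve hostname through the system resolver (requires DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def cert_covers(cert: dict, hostname: str) -> bool:
    """True if a DNS subjectAltName entry names hostname. Supports a single-label
    wildcard (*.example.org covers a.example.org but not a.b.example.org), which
    is how browsers and XMPP clients treat wildcards."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower()
        if name == host:
            return True
        if (name.startswith("*.")
                and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False


def fetch_cert(hostname: str, port: int) -> dict:
    """Open a TLS connection and return the presented certificate. Verification
    uses the default CA store, so a self-signed test cert fails here, which is
    exactly what a real Jabber client would do too."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def check_staging(hostname: str,
                  port: int = 443,
                  lookup: Callable[[str], list[str]] = resolve,
                  fetch: Callable[[str, int], dict] = fetch_cert) -> dict:
    """Run both checks and return a summary dict. lookup/fetch are injectable so
    the logic can be exercised offline against constructed data."""
    addrs = lookup(hostname)
    result = {"addresses": addrs, "loopback_only": loopback_only(addrs)}
    result["cert_ok"] = cert_covers(fetch(hostname, port), hostname)
    return result


if __name__ == "__main__":
    # Live run (needs network); assumption: an HTTPS service on 443. For XMPP use
    # the direct-TLS port 5223; STARTTLS on 5222 needs an XMPP handshake first.
    try:
        print(check_staging("comehack.me", port=443))
    except OSError as exc:
        print(f"check failed: {exc}")
```

One caveat the checks above imply: because the name resolves to 127.0.0.1, Let's Encrypt cannot reach the host for an HTTP-01 challenge, so a certificate for such a name has to be obtained with a DNS-01 challenge, which only proves control of the DNS zone.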

This makes me smile. It makes me smile a lot.

Update: well, I didn’t have the new server ready to roll out as quickly as I expected, so I’m temporarily pointing comehack.me at the new server now. The name is starting to grow on me, so now I’m not sure if I’ll keep it or point it back to 127 when I’m finally ready to make the switch.

Tags: index


created: 2025-07-12

(re)generated: 2026-05-22


Proxied content from gemini://thatit.be/2025-07-12-12-00-28.gmi (external content)
