As soon as I blogged about IoT and security few weeks ago, my blog got hit by a massive DDoS attack combined with daily hack attempts via WordPress’ backend and SSH. I’m dealing with both issues pretty successfully for now, but this is a reminder to myself to step-up on security. I’ve since then switched hosting this blog to a $5/month VPS on DigitalOcean, really happy with the service so far.
As mentioned in my blog post on IoT security, one of the items to address is security of data in transit. My connected things use plain HTTP posts to an Emoncms instance running on my domain, meaning they are vulnerable to man-in-the-middle attacks. Probably the best way to handle this is to use a SSL certificate and handle HTTP over TLS (HTTPS). SSL certificates cost > $60 per year, it isn’t worth for a personal blog.
Not bad, should have done that long ago.
P.S. If you sign up for Digital Ocean VPS via this link, you will get $10 credit and I’ll benefit some too.