First post! So what’s a secure way to blog about cybersecurity and pen-testing? I’m not entirely sure, but I’m figuring it out. I think a good start is to use a static site generator instead of something like Wordpress. I’m using Jekyll, which is a Ruby-based static site generator. It has had a couple of CVEs, but overall, being a static site generator, it’s just not that exploitable. I’m still not sure if this is the best setup, but it’s a good start for now. I’m continuing to tweak things as I go.

It seems like a lot of people are using GitHub Pages to host their Jekyll website or blog. I like to be more in control than that. I’d hate to go to all that trouble of getting setup there and then find out they don’t support doing some random thing that I want to do. I’m instead hosting my site on an AWS instance, running Debian, the best Linux distro.

After completing my server setup I ran an nmap scan to see what ports were open. I was happy to see that only the ports I was expecting to be open were actually open:

> nmap -Pn -sS -p- eugor.com

Starting Nmap 7.93 ( https://nmap.org ) at 2024-04-28 15:30 CDT
Stats: 0:15:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 66.78% done; ETC: 15:52 (0:07:29 remaining)
Nmap scan report for eugor.com (44.223.248.90)
Host is up (0.025s latency).
rDNS record for 44.223.248.90: ec2-44-223-248-90.compute-1.amazonaws.com
Not shown: 65532 filtered tcp ports (no-response)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1351.69 seconds

I may ask AWS for a PTR record at some point. I’m not planning on running a mail server so it doesn’t really matter.