There's a lot of bad actors on the internet, which makes running a small website quite a chore -- and this one is much more visible than the average small website. At the very minimum you must keep it up to date, because it will be under a constant barrage of exploit attempts. Then there are DDoS attacks (people have tried to use my webserver as a way to DDoS my ISP in the past). Then there's the crazy people who will email you demanding why you broke their IPv6 or that you urgently fix some issue and they are "losing money" because of it.
I get that popularity comes with problems, but I don't see how the attack surface is any larger than a normal website?
It looks like the entire site is implemented in JavaScript, which tries to fetch resources from various HTTPS URLs, some of which are configured to serve only over IPv6, others only over IPv4. But that just requires configuring a normal webserver to serve regular HTTP traffic, which is the bare minimum exposure to exploits any website has.
What I actually said is that it's a chore to run a small website, and that applies even to a simple static site (although you're right, way more if your site runs backend scripts). Bad actors are still going to try to DDoS you, attack your static webserver, and send you entitled emails.
Geolocation queries are probably one of the bigger costs. Google is a rip-off here but to use them as an example, they charge $2.83 per 1000 lookups for the first 90k/month. You could easily spend a few hundred per month that way.
If you were trying to set up a replacement for this site that's cheaper to run, you could probably drop the geolocation feature, it's not really necessary.
Definitely agreed
MaxMind's GeoLite database is a good alternative to paying for IP geolocation. You don't typically need super precise data for something like this.
I work for IPinfo, and this is a tangent note on a tangent note. We offer a free IP geolocation database, and we recently started providing an unlimited API query service for free against that database.
Maintaining an IP geolocation database requires some upkeep. You have to download the database regularly (in our case, daily) to keep the data fresh, and you need a system in place to make it useful.
That’s why we created a dedicated API tier that offers unlimited requests. The data is being used by many open-source projects, so we’re simply doing our part to support them by providing both the data and the API infrastructure service. Last year, we processed over 2 trillion API requests across all our API services. There are many projects, Open Source and Enterprise, that are making billions of requests daily, and they are on a free tier plan.