An unexpected letter
Today I received a scary-looking letter from abuse@hetzner.de, which is my German hosting provider. The text started as follows:
We have received a notification from the German Federal Office for Information Security...
Knowing how notorious German laws are when it comes to intellectual property, I immediately thought: "What did I do?" and "How big is the fine?" To the best of my knowledge, my blog doesn't violate any rules, yet I didn't expect a message from a Federal Office without any wrongdoing.
It turned out that they had scanned my server and found that my database was exposed to the outside world. When I'd migrated from one VPS instance to another, I forgot to re-apply firewall rules, so the database as well as some other internal services could be accessed by anyone. That's what they wanted me to know. "Hey, mister, you forgot to set up a firewall." Can you imagine that there's a federal agency in Germany that scans German servers for such things!? That's surprising! I don't know the scope of their work, maybe this is part of Hetzner's certification process or a partnership, but anyway - I'm glad that they do that.
In the media we hear politicians talking about the importance of cybersecurity. While government infrastructure is an obvious target, regular services and businesses can also be used to gather information and facilitate attacks. I wonder if there's something similar in other countries?