Maybe it's because I'm not feeling my best this morning, but I really can't stand this whole army of "security experts" who pay dubious online sites to perform scans on their servers and then come bothering with absurd and incredible requests.
The latest one, just a few minutes ago: "Our website also responds on port 80. It needs to be closed immediately; it's insecure!"
My response: "Port 80 has a redirect to 443 - it's there to ensure that users who connect on port 80, in HTTP, are kindly redirected to 443, in HTTPS."
Their reply: "Port 80 is insecure and dangerous; it must be closed immediately. It's a security risk."

Normally, I'm patient and accommodating, but not this morning: "I'm very sorry to hear that you find our technical choices to be insecure. Considering that your hosting contract (which we provide to you at rock-bottom prices and which I almost no longer find worthwhile to maintain) expired on 20 November, and you had a 14-day grace period to make the payment, and despite my reminders, you haven't done so. I want to inform you that I will be taking down the website tonight, and you have until Monday to migrate everything. On that date, I will delete all of your data from our servers. Have a good day. "

Of course, they ignore the fact that their website is still running on PHP 5, which I've been telling them for years to update because I have to keep an old and insecure FreeBSD jail active just for this mess. According to them, that is secure. 🤦‍♂️

#IncredibleRequests #HostingIssues #ServerSecurity #SysAdmin #IT