Detexian Reviewed
am an early adopter of Detexian, a service which I increasingly rely on for security. My wife and I run a small media entity which attracts about 5 million hits a week. The sites are TuxMachines.org and TechRights.org. One of the sites is modest and non-confrontational, whereas the other one (the latter) is more controversial because it is critical of activities such as bribery, illegal surveillance, and all sorts of corruption. There are certainly people and organisations that are willing to spy on and undermine the site. Some of those who get criticised are large technology companies and institutions they work with.
We cannot keep up with logs because we are a small team and we cannot properly analyse these for security threats. It is just infeasible. For analysis of logs we also require a service which is isolated from surveillance-intensive hosts such as Amazon. We moreover operate on a very small budget as the sites are public services rather than for-profit.
We now rely on Detexian to inspect the traffic and generate concise reports. Detexian helps to avert disaster or alert about troubling patterns in activity before disaster strikes or flaws are found/exploited. TuxMachines.org and TechRights.org are not young sites. They have been around for nearly a decade and a half; over the years we have suffered more DDOS attacks than we can remember and there were also intrusion attempts (none were successful). Some attacks managed to cause damage, but it was always repairable. Recently, Detexian alerted us about SQL injection attempts and made recommendations.
We shall continue to rely on Detexian in the foreseeable future and are happy to pay for the service knowing that someone “has got our back” and is providing informed advice on how to guard the sites.