Also as a rule of thumb never ever expose anything but port 80 and 443 if hosting a webapp.
If you must expose services other than http/s then be sure to not leak its version, have it secured properly and _always_ up to date. The user running such services should also be a non privileged user, the daemon chrooted, and the OS should have appropriate process and filesystem permissions in place.
Okay, and I prefer being waterboarded over being drawn & quartered. But it doesn't mean I support the practice of waterboarding, since there's another option, namely just not waterboarding in the first place.
This contrarianism is so strange to me. Data not being deleted by a bad actor is preferable to having it deleted, and I would think that would be the main takeaway here, rather than this weird descent into counterfactuals. Where does the impulse come from to bypass the normal answer, treat it like a trick question and go into contrarian mode by measuring it against counterfactuals? I think when you do that you lose sight of the most important thing here, which is the fact that data is being wantonly deleted and that it is bad that this is happening.
Also as a rule of thumb never ever expose anything but port 80 and 443 if hosting a webapp.
If you must expose services other than http/s then be sure to not leak its version, have it secured properly and _always_ up to date. The user running such services should also be a non privileged user, the daemon chrooted, and the OS should have appropriate process and filesystem permissions in place.