Is there a security risk giving someone temporary access to my blog’s code?

My blog is painfully slow for the last few days, and I would like to pay someone (anyone?) 15 BitCoins to optimize it for me (I would do it myself, but I’m not sure I have the time right now).

It’s currently hosted at GoDaddy. What I’m thinking is giving him a snapshot of the filestructure of my blog, and asking him to setup an Amazon EC2 image that will run it.

Read More

After I test his image, I will switch my domain to point to the new EC2 instance and change the admin password. My blog is rather small (only 80 readers), and I gather I don’t have anything vital/precious/secret there. The private information I could think of that I wouldn’t want leaked is perhaps a few emails addresses from some of my users (not that happy about it being leaked, but I assume that email addresses aren’t that expensive, and nobody will have the incentive to do anything interesting with them).

Do you think it’s a viable option? Or instead, should I absolutely not do, in order to protect my user’ privacy? What are security risks are there?

BTW, I don’t yet have anyone specific in mind. If you’re interested, ping me at ron.gross@gmail.com.

Editcross link to the post on bitcoin.org forums.

Related posts

Leave a Reply

2 comments

  1. Anyone in the IT business is exposed to private information all the time, so there has to be some trust there. The e-mail addresses of your users certainly isn’t a big secret. It’s not like he is going to spam them and certainly there’s no money in selling a list of 80 users 🙂

    Still, you need some level of trust with the person you get to help you, there is more damage they could do besides stealing e-mail addresses. For example they could just install a trojan or backdoor to your blog. Yeah that is a bit paranoid but it is nonetheless a risk.

    You should be careful to get someone who you can get some reputation info on. Or you could go to odesk.com or elance.com where a good feedback system is in place.

    On a separate note, I wouldn’t set up on EC2 if you don’t know how to manage and maintain linux. It is too hard keeping up with all the security issues if that isn’t your area of expertise. You may want to try something like WPWebHost. We use rackspace cloud sites. It’s $150/month but very fast and very reliable.