Running a webserver from a home machine...how?
OK, I'm thinking it might be kind of cool (or keen to you EU folks) to run my own website from home. I don't know what I would do with it yet, but not the typical "here's my kids, here's my dog, here's our family reunion in Death Valley, blah...blah...blah". I might start up a local Land Rover club in my area and might choose to host it. So, with that being said: 1) How should I do this? 2) What server app should I use? 3) What is the downside to doing this? (I don't think I'll get 500 hits a day). 4) Will this have any effect on my system on a day to day basis? 5) I'm running a static, private IP on my machine from behind a firewall. Problem? Basically, I have a SMC cable router/firewall that I know how to setup. I have a static IP from my cable company. I have a pretty good system (processor, motherboard, memory, etc...). Feel free to start throwing out ideas. Also, is there a really simple way for me to do this right away? Like toss up something and see if someone can see it? Thanks! Tom - - - - - - - - - - - - - - - - - - Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
Tom Nielsen wrote:
OK, I'm thinking it might be kind of cool (or keen to you EU folks) to run my own website from home. I don't know what I would do with it yet, but not the typical "here's my kids, here's my dog, here's our family reunion in Death Valley, blah...blah...blah". I might start up a local Land Rover club in my area and might choose to host it.
So, with that being said: 1) How should I do this? I'd suggest looking into dynamic dns....this way you don't need to pay for a static IP address. 2) What server app should I use? what exactly do you want to run or show? I'd suggest apache for the web server.... 3) What is the downside to doing this? (I don't think I'll get 500 hits a day). getting static IP address is more $$, so using a dynamic DNS service helps you to save $$$ 4) Will this have any effect on my system on a day to day basis? 5) I'm running a static, private IP on my machine from behind a firewall. Problem? well...now that you mention it...forget dynamic dns..you have a static IP!! If setup correctly, it shouldn't be a problem
Basically, I have a SMC cable router/firewall that I know how to setup. I have a static IP from my cable company. I have a pretty good system (processor, motherboard, memory, etc...).
Feel free to start throwing out ideas. Also, is there a really simple way for me to do this right away? Like toss up something and see if someone can see it?
Thanks! Tom
- - - - - - - - - - - - - - - - - -
Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
On Sat, 2003-06-07 at 22:09, Oskar Teran wrote:
Tom Nielsen wrote:
OK, I'm thinking it might be kind of cool (or keen to you EU folks) to run my own website from home. I don't know what I would do with it yet, but not the typical "here's my kids, here's my dog, here's our family reunion in Death Valley, blah...blah...blah". I might start up a local Land Rover club in my area and might choose to host it.
So, with that being said: 1) How should I do this? I'd suggest looking into dynamic dns....this way you don't need to pay for a static IP address.
I'm not paying extra. It's kind of a long story, but the local cable ISP sold off to Verizon...who sold off to Adelphia. Thru both transitions we got to keep our IP. Pretty sweet! They tried to get me off it, but I said no way!
2) What server app should I use? what exactly do you want to run or show? I'd suggest apache for the web server.... 3) What is the downside to doing this? (I don't think I'll get 500 hits a day). getting static IP address is more $$, so using a dynamic DNS service helps you to save $$$
See above
4) Will this have any effect on my system on a day to day basis? 5) I'm running a static, private IP on my machine from behind a firewall. Problem? well...now that you mention it...forget dynamic dns..you have a static IP!! If setup correctly, it shouldn't be a problem
Thanks for the information! Tom - - - - - - - - - - - - - - - - - - Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
On Sunday 08 June 2003 11:47, Tom Nielsen wrote:
OK, I'm thinking it might be kind of cool (or keen to you EU folks) to run my own website from home. I don't know what I would do with it yet, but not the typical "here's my kids, here's my dog, here's our family reunion in Death Valley, blah...blah...blah". I might start up a local Land Rover club in my area and might choose to host it.
So, with that being said: 1) How should I do this? 2) What server app should I use? 3) What is the downside to doing this? (I don't think I'll get 500 hits a day). 4) Will this have any effect on my system on a day to day basis? 5) I'm running a static, private IP on my machine from behind a firewall. Problem?
Basically, I have a SMC cable router/firewall that I know how to setup. I have a static IP from my cable company. I have a pretty good system (processor, motherboard, memory, etc...).
Feel free to start throwing out ideas. Also, is there a really simple way for me to do this right away? Like toss up something and see if someone can see it?
SuSE has a web server out-of-the-box for all versions since heck knows when. Install the apache package and ensure it's set to start at boot time. As long as your firewall port-forwards on port 80 it should just work (TM). The downside is security. Once you have an entry point into your box from the outside world, especially with a static IP address, you need to understand exactly what that entry point allows and what abuse it might get put to. In other words, you need to read up on Apache and ensure the config is set as you need it. Don't just assume SuSE have set up a secure config which meets your needs. If you just want to serve static pages and photos, make sure you don't allow PHP, mod_perl or any other of the other abusable things to be accessed from the outside world. Other than security, there's no significant downside really. The loading the server puts on your box at 500 hits a day will get lost in the noise. One other thing to consider is that you'll be running a service and if it's any good people will start to depend on it. Once you reach that point you have a responsibility to keep it going! -- "...our desktop is falling behind stability-wise and feature wise to KDE ...when I went to Mexico in December to the facility where we launched gnome, they had all switched to KDE3." - Miguel de Icaza, March 2003
On Sat, 2003-06-07 at 22:29, Derek Fountain wrote:
The downside is security. Once you have an entry point into your box from the outside world, especially with a static IP address, you need to understand exactly what that entry point allows and what abuse it might get put to. In other words, you need to read up on Apache and ensure the config is set as you need it. Don't just assume SuSE have set up a secure config which meets your needs.
If you just want to serve static pages and photos, make sure you don't allow PHP, mod_perl or any other of the other abusable things to be accessed from the outside world.
I really, really, really hate reading manuals!! I could stress that more, but I don't have enought time. Most have too much information that would apply on an enterprise level rather than a home user/newbie. Is there a "crib notes" version that I can look at some where? I've always had a static IP, but no reason for anyone to look at it. Thanks for the info! Tom - - - - - - - - - - - - - - - - - - Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
I really, really, really hate reading manuals!! I could stress that more, but I don't have enought time.
Fair enough, but if you're not prepared to thoroughly learn about what you're thinking about doing, I'd recommend you don't do it. There are no halfway measures with security. You either know, to the best of your knowledge, that it's secure, or you have to assume it isn't secure. If it isn't secure, it'll be cracked sooner or later. I seem to remember reading that the average time between putting a box on the 'net and having the "door rattled" was about 12 hours. You'll be found.
Most have too much information that would apply on an enterprise level rather than a home user/newbie.
Is there a difference between enterprise level security and newbie security? It comes down the same thing I'd have thought: if you open something up to the outside, make sure it's secure. The only difference between enterprise level and home/newbie level it that in the enterprise you'll need to open more services up.
Is there a "crib notes" version that I can look at some where?
For what *you* need? No. There's probably some generic ones out there which you could gamble on telling you what you need to know.
I've always had a static IP, but no reason for anyone to look at it.
You wouldn't want that reason to be that you're running a porn or warez server would you? I've actually spent the last couple of days looking at my firewall setup and installing a SOCKS5 server. I had reason to browse through the logs, and saw all the script kiddy attempts, door rattlers and Windows malware crap the firewall was holding back for me. I also temporarily ran a web server a few weeks back so a friend could access some files. I ran it on a weird port number which only he knew about. It was still collecting uninvited hits within a week. It's ugly out there. -- "...our desktop is falling behind stability-wise and feature wise to KDE ...when I went to Mexico in December to the facility where we launched gnome, they had all switched to KDE3." - Miguel de Icaza, March 2003
Derek Fountain wrote:
I really, really, really hate reading manuals!! I could stress that more, but I don't have enought time.
well...the solution to this is having a consultant do the work for you! I'm sure there are excellent Suse Linux consultants somewhere near you. Maybe there are even some on this list who are near you! Just ask for references....most businesses do work this way. good luck, Oskar
Fair enough, but if you're not prepared to thoroughly learn about what you're thinking about doing, I'd recommend you don't do it. There are no halfway measures with security. You either know, to the best of your knowledge, that it's secure, or you have to assume it isn't secure. If it isn't secure, it'll be cracked sooner or later.
I seem to remember reading that the average time between putting a box on the 'net and having the "door rattled" was about 12 hours. You'll be found.
Most have too much information that would apply on an enterprise level rather than a home user/newbie.
Is there a difference between enterprise level security and newbie security? It comes down the same thing I'd have thought: if you open something up to the outside, make sure it's secure. The only difference between enterprise level and home/newbie level it that in the enterprise you'll need to open more services up.
Is there a "crib notes" version that I can look at some where?
For what *you* need? No. There's probably some generic ones out there which you could gamble on telling you what you need to know.
I've always had a static IP, but no reason for anyone to look at it.
You wouldn't want that reason to be that you're running a porn or warez server would you?
I've actually spent the last couple of days looking at my firewall setup and installing a SOCKS5 server. I had reason to browse through the logs, and saw all the script kiddy attempts, door rattlers and Windows malware crap the firewall was holding back for me.
I also temporarily ran a web server a few weeks back so a friend could access some files. I ran it on a weird port number which only he knew about. It was still collecting uninvited hits within a week. It's ugly out there.
On Sun, Jun 08, 2003 at 04:28:53PM +0800, derekfountain@yahoo.co.uk wrote:
Most have too much information that would apply on an enterprise level rather than a home user/newbie.
Is there a difference between enterprise level security and newbie security?
The resulting cost of an intrusion (both financial and other indirect costs like loss of reputation). Of course, even a small home webserver should be configured to be secure. However, in practice, if the cost of a successful crack is a few days' worth of downtime, then you probably aren't going to be bothered about it on a home machine (although you'll probably be rather annoyed), but on an enterprise-level system, that sort of downtime costs $$$$$$. As a result, people are more willing to spend lots of time and money on securing enterprise-level systems. -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2
On Sunday 08 June 2003 02:15, Tom Nielsen wrote:
On Sat, 2003-06-07 at 22:29, Derek Fountain wrote:
The downside is security. Once you have an entry point into your box from the outside world, especially with a static IP address, you need to understand exactly what that entry point allows and what abuse it might get put to. In other words, you need to read up on Apache and ensure the config is set as you need it. Don't just assume SuSE have set up a secure config which meets your needs.
If you just want to serve static pages and photos, make sure you don't allow PHP, mod_perl or any other of the other abusable things to be accessed from the outside world.
I really, really, really hate reading manuals!! I could stress that more, but I don't have enought time. Most have too much information that would apply on an enterprise level rather than a home user/newbie. Is there a "crib notes" version that I can look at some where? I've always had a static IP, but no reason for anyone to look at it.
As soon as you put up a webserver, you may find Adelphia looking at it. Most ISP's frown on their customers running services without paying extra bucks. (and they scan ports to find such services)
Thanks for the info!
Tom
- - - - - - - - - - - - - - - - - -
Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
Question? Would moving apache from port 80 cause Adelphia to not find apache? Of course this would require some editing of more than services. Bruce Marshall wrote: > On Sunday 08 June 2003 02:15, Tom Nielsen wrote: > >>On Sat, 2003-06-07 at 22:29, Derek Fountain wrote: >> >>>The downside is security. Once you have an entry point into your box from > > As soon as you put up a webserver, you may find Adelphia looking at it. Most > ISP's frown on their customers running services without paying extra bucks. > (and they scan ports to find such services) > >>Thanks for the info! >> >>Tom - - >>Tom Nielsen >>Neuro Logic Systems, Inc. >>805.389.5435 x18 >>www.neuro-logic.com > > > -- 73 de Donn Washburn __ " http://www.hal-pc.org/~n5xwb " Ham Callsign N5XWB / / __ __ __ __ __ __ __ 307 Savoy St. / /__ / / / \/ / / /_/ / \ \/ / Sugar Land, TX 77478 /_____/ /_/ /_/\__/ /_____/ /_/\_\ LL# 1.281.242.3256 a MSDOS Virus "Free Zone" OS Email: n5xwb@hal-pc.org Info: http://www.knoppix.net
On Sunday 08 June 2003 10:29, Donn Washburn wrote:
Question?
Would moving apache from port 80 cause Adelphia to not find apache? Of course this would require some editing of more than services.
They would be less likely to find it.... And it would only take a simple edit of /etc/httpd/httpd.conf
Bruce Marshall wrote:
On Sunday 08 June 2003 02:15, Tom Nielsen wrote:
On Sat, 2003-06-07 at 22:29, Derek Fountain wrote:
The downside is security. Once you have an entry point into your box from
As soon as you put up a webserver, you may find Adelphia looking at it. Most ISP's frown on their customers running services without paying extra bucks. (and they scan ports to find such services)
Thanks for the info!
Tom
- -
Tom Nielsen Neuro Logic Systems, Inc. 805.389.5435 x18 www.neuro-logic.com
-- 73 de Donn Washburn __ " http://www.hal-pc.org/~n5xwb " Ham Callsign N5XWB / / __ __ __ __ __ __ __ 307 Savoy St. / /__ / / / \/ / / /_/ / \ \/ / Sugar Land, TX 77478 /_____/ /_/ /_/\__/ /_____/ /_/\_\ LL# 1.281.242.3256 a MSDOS Virus "Free Zone" OS Email: n5xwb@hal-pc.org Info: http://www.knoppix.net
On Sun, 08 Jun 2003 09:29:56 -0500
Donn Washburn
Question?
Would moving apache from port 80 cause Adelphia to not find apache? Of course this would require some editing of more than services.
Don't waste your time. All it will take is some traffic to your website, then they will know you have something on that port. They probably scan all the traffic thru their network. It's probably all done by some program or script they run. You can't hide stuff like that on a network. Just look at your firewall scripts, the source ports and destination ports are in the packets. -- use Perl; #powerful programmable prestidigitation
On Sunday 08 June 2003 6:53 am, Bruce Marshall wrote:
As soon as you put up a webserver, you may find Adelphia looking at it. Most ISP's frown on their customers running services without paying extra bucks. (and they scan ports to find such services)
In his case, there is a very good possibility he is "within his rights" -- he mentioned that he has a static IP that has grandfathered from one ISP buyout to the next. I'm in the same boat with pacbell [became prodigy and now it belongs to yahoo] but the TOS is worded such that "accounts provisioned before xxx and have static IP's may run services such as ftp, telnet, http..." [there are some perks to being an early adopter... ;) ] -- Yet another Blog: http://osnut.homelinux.net
if you are adverse to reading any manuals of any kind, I think your choices are to run apache out of the box and hope for the best or spend under 10 dollars a month for a web hosting service and let people who are paid to read the manuals worry about configuration and the like. I finally chose the latter path and am very glad that I did. It sounds like the right thing for your situation. Good luck. ===== Michael G. O'Neill www.oneillaw.com __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
On Saturday 07 June 2003 8:47 pm, Tom Nielsen wrote:
OK, I'm thinking it might be kind of cool (or keen to you EU folks) to run my own website from home. I don't know what I would do with it yet, but not the typical "here's my kids, here's my dog, here's our family reunion in Death Valley, blah...blah...blah". I might start up a local Land Rover club in my area and might choose to host it.
I'm doing this from home, and yes, it is a "here's my rockets, here's the roller-coaster I rode, here are some neat things I did recently" type site :) [see the address in my .sig] Recently, this has been expanded -- I've added wireless service to a local coffee shop, so now my server-at-home is also a radius server authenticating folks at the coffeeshop [making sure they are "paying" customers...]
So, with that being said: 3) What is the downside to doing this? (I don't think I'll get 500 hits a day).
no, you WILL get 500 hits in a day, [and they'll all be nimda/code-red "worms"] :) However, see the "network" link on my page -- that shows statistics for the current month -- or go do the "blog" page proper and take the "stats" link at the bottom, this alternate route takes you to the "live" version of the stats and lets you look up prior months [take a look at february, for instance -- 14,000 hits in one day...]
4) Will this have any effect on my system on a day to day basis?
hardly noticeable, save you'll need to have it up 24x7 [helps to have it be a seperate machine from the one on which you do your daily work...]
5) I'm running a static, private IP on my machine from behind a firewall. Problem?
no, that actually makes things easier -- go to www.dyndns.org and set up a link and you'll save even more ["homelinux.net" is one such "dynamic" domain] -- Yet another Blog: http://osnut.homelinux.net
participants (9)
-
Bruce Marshall
-
Dave Smith
-
Derek Fountain
-
Donn Washburn
-
Michael ONeill
-
Oskar Teran
-
Tom Emerson
-
Tom Nielsen
-
zentara