Monday, July 18, 2011

Re: [BLUG] How many of you run home servers?

There are countless ways to try to break into a server. But in my
experience, the only one I've ever seen actually used - and I've seen
it a LOT of times - was people exploiting known security problems on
installed software. In other words, the server maintainers were
guilty of what Jonathan confesses to below: not applying security
updates. I should also confess that I have made this mistake before
and paid the same price.

It's definitely an overstatement to say "just keep your system software
up to date and you'll never get hacked." So, I won't say that.
However, I think I can stand by this: "if you have a publicly
accessible server that is running out-of-date software on a publicly
accessible port, you WILL get hacked". All of the best password
selections and firewall policies and such will do you no good if
you're running a version of apache with a security hole in it. Or
something like that.

Next best advice: do not open any ports that you aren't intentionally
offering services on. Many many people will want to run SSH and HTTP
and nothing else. Some maybe just HTTP. Use a port scanner like nmap
to see which ports are available on your machine. The theory is
simple: it's fewer software programs that might be entry points to
your system if security holes are discovered in them.

But, once again, I'll just say: keep your software up to date. Ubuntu
makes this really easy. Lots of other distros do too. So, do it.

David
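The three checks above (what is actually listening, whether security updates are pending, and Jonathan's root-over-SSH reminder) can be scripted. The following is an added example, not code from this thread or its authors: it assumes a Debian/Ubuntu host with iproute2's `ss` and `apt-get`, and the sample outputs embedded in it are constructed, not captured from a real machine. Looking at listening sockets from inside the box with `ss` complements the external nmap scan David suggests, because it also tells you which process owns each port and whether it is bound to loopback only. Run it with `--live` on the real host (root is needed for other users' process names); with no argument it runs against the constructed samples.

```shell
#!/bin/sh
# Exposure audit for a small Debian/Ubuntu home server (added example, not from
# the BLUG thread). Three checks, each parsing text on stdin so it works on live
# command output (--live) or on the constructed samples at the bottom:
#   1. which sockets are listening, and whether they face the network or only loopback
#   2. which pending upgrades come from a -security pocket
#   3. what PermitRootLogin sshd actually applies (first occurrence wins)

# 1. From `ss -ltnup` output, print one "proto:port process scope" per socket.
#    The header line is skipped; IPv4/IPv6 duplicates of one service collapse.
listening_ports() {
    awk '$1 == "Netid" { next }
         {
           n = split($5, a, ":"); port = a[n]
           addr = substr($5, 1, length($5) - length(port) - 1)
           scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
           proc = "-"
           if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
           printf "%s:%s %s %s\n", $1, port, proc, scope
         }' | awk '!seen[$0]++'
}

# Keep only exposed sockets whose port is not in the allow-list given as
# arguments, e.g. `unexpected_exposed 22 80` for an SSH-and-HTTP-only box.
unexpected_exposed() {
    allowed=" $* "
    while read -r entry proc scope; do
        [ "$scope" = "exposed" ] || continue
        case "$allowed" in
            *" ${entry#*:} "*) ;;
            *) echo "$entry $proc" ;;
        esac
    done
}

# 2. From `apt-get -s upgrade` output, list packages whose upgrade comes from a
#    security pocket (Debian: -security suite; Ubuntu: <release>-security).
pending_security_updates() {
    sed -n 's/^Inst \([^ ]*\) .*-security.*/\1/p'
}

# 3. Effective global PermitRootLogin from sshd_config on stdin. sshd uses the
#    FIRST value it reads for a keyword, so a "no" appended below an earlier
#    "yes" changes nothing; directives after a Match line apply to that block only.
permit_root_login() {
    awk '{ line = $0; sub(/=/, " ", line); $0 = line }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

run_live_audit() {
    echo "== listening sockets =="
    ss -ltnup | listening_ports
    echo "== exposed sockets outside the allow-list (22 80) =="
    ss -ltnup | listening_ports | unexpected_exposed 22 80
    echo "== pending security updates =="
    apt-get -s upgrade 2>/dev/null | pending_security_updates
    echo "== effective PermitRootLogin =="
    permit_root_login < /etc/ssh/sshd_config
}

# Constructed sample outputs (not captured from a real host) for offline runs.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    [::]:22           [::]:*        users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      511    *:80              *:*           users:(("apache2",pid=1203,fd=4),("apache2",pid=1201,fd=4))
tcp   LISTEN 0      128    127.0.0.1:3306    0.0.0.0:*     users:(("mysqld",pid=955,fd=21))
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*     users:(("dhclient",pid=610,fd=6))'

SAMPLE_APT='Inst libssl1.1 [1.0-1] (1.0-2 Ubuntu:20.04/focal-security [amd64])
Inst apache2-bin [2.4-1] (2.4-2 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Inst apache2 [2.4-1] (2.4-2 Ubuntu:20.04/focal-updates, Ubuntu:20.04/focal-security [amd64])
Inst tzdata [2022a-0] (2022c-0 Ubuntu:20.04/focal-updates [amd64])'

SAMPLE_SSHD='# constructed sshd_config: the appended "no" never takes effect
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PermitRootLogin no'

if [ "${1:-}" = "--live" ]; then
    run_live_audit
else
    printf '%s\n' "$SAMPLE_SS"   | listening_ports
    printf '%s\n' "$SAMPLE_SS"   | listening_ports | unexpected_exposed 22 80
    printf '%s\n' "$SAMPLE_APT"  | pending_security_updates
    printf '%s\n' "$SAMPLE_SSHD" | permit_root_login
fi
```

On the sample data the audit reports the DHCP client on udp/68 as the one exposed socket outside the 22/80 allow-list, three packages waiting on security fixes, and an effective `PermitRootLogin yes` even though a `no` was added later in the file, which is exactly the kind of "I thought I had turned that off" state worth re-checking after an incident like the one described below.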

On Mon, Jul 18, 2011 at 03:37:48PM -0400, Jonathan North Washington wrote:
>I run a server out of my house too, and have been doing so for about
>10 years. Actually, these days it's run out of my parents' house,
>ever since I was out of the country for a year and needed it to stay
>up; before that I ran it out of my own apartments and dorm rooms (with
>the exception of one year--see below).
>
>The server hosts a handful of sites for various people, mostly for
>myself (firespeaker.org , jnw.name) and my father
>(salonaexploration.com , northeasterngeoscience.org).
>
>I'm also curious about the questions Ben asks, though I suppose I can
>add some of my own experience to the conversation.
>
>In about 2005, when my server was hosted for a little over a year out
>of Brandeis University's LUG (also BLUG :)'s server room, it got
>rooted. This was partly my own fault for not running Debian security
>updates very often and allowing root ssh (which reminds me that I need
>to check that again). This is the only real problem I've had, besides
>thunderstorms and wind taking the server down at my parents' house
>from time to time. While Comcast doesn't seem to be providing a
>static IP address service, the IP address does not seem to have
>changed at all in the last four years (since I started hosting it at
>my parents' house).
>
>--
>Jonathan
>
>On 18 July 2011 15:20, Ben Shewmaker <ben@shewbox.org> wrote:
>> I've been running a server on my home machine for some time now and
>> was just curious how many others out there do the same?  And I'm also
>> wondering about security of my home machine.  I'm running AjaxXplorer
>> on this machine to serve up some photos/videos from my home computer,
>> and, while it does use https, I wonder sometimes about how wise it is in
>> terms of a security risk.  I also use Dyndns so I don't have to worry
>> about my changing IP and wonder if having a domain redirect from a
>> dyndns hostname makes me more of a target?  I like to imagine that
>> spyware and viruses on my Windows machine are a much bigger threat
>> than someone trying to hack into my little Ubuntu server machine, but
>> I thought I'd ask anyone out there if they have any opinions?
>>
>> Thanks, and I hope everyone's A/C is working well both for your sanity
>> and any little home servers you may be running!
>>
>> Ben
>> _______________________________________________
>> BLUG mailing list
>> BLUG@linuxfan.com
>> http://mailman.cs.indiana.edu/mailman/listinfo/blug
>>
