Slashdot Mirror


Ask Slashdot: Security Digests For the Home Network Admin?

New submitter halcyon1234 writes "I'm currently cutting the webhost cord, and setting up a simple webserver at home to host a couple hobby websites and a blog. The usual LAMP stuff. I have just enough knowledge to be dangerous; I know how to get everything set up and get it up to date, but not enough to be sure I'm not overlooking common, simple security configurations. And then there's the issue of new vulnerabilities being found that I'm not even aware of. The last thing I want is to contribute to someone's botnet or spam relay. What readings/subscriptions would you recommend for security discussions/heads up? Obviously I already read (too much) Slashdot daily, which I credit for hearing about some major security issues. Are there any RSS feeds or mailing lists you rely on for keeping up to date on security issues?"

3 of 123 comments

  1. Re:Check your Internet Acceptable Use documents by LordLucless · Score: 4, Interesting

    Most American ISPs. The only Australian ISP I'm aware of who has this in their AUP is Telstra, and nobody who knows how to configure a setup like that would be using Telstra anyway. That's one of the advantages of a metered system - because the ISP gets paid more the more data you use, they have absolutely no motivation to try and limit your ability to move data. Whereas the US ISPs seem to spend more of their time figuring out how to block data-heavy protocols than actually trying to provide a service.

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  2. The single most useful thing by taustin · Score: 5, Interesting

    On a publicly visible web server is to set the directive for the default web site (the first one in the virtual host list) to default deny to everyone. Then put your web site on a different virtual host. 99.9% of the scans I see come in by IP address, which gets them the default site. Any legitimate traffic will come in by domain name. This setup not only denies the script kiddies access to any PHP forms you've got, it convinces their 'bots to give up very quickly, which means less of a toll on your bandwidth.

    (As someone noted, the standard consumer highspeed account prohibits running servers. Many commercial accounts do, too, unless you told them you're running a server of some kind. You may also have to get them to unblock port 25 if you want to run your own mail server - be very careful if you do that, though. You don't want to be a spamfest rathole without knowing it.)
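
The catch-all "default deny" vhost described in the comment above, written out as an added example for Apache 2.4 (this is not taustin's configuration; the hostnames, paths and log file names are placeholders). Apache hands any request whose Host header matches no ServerName or ServerAlias to the first VirtualHost it loaded, so that one is made to answer 403 to everything and the real site lives in a second, name-matched vhost:

```apache
# Added example, not from the original comment. Assumes Apache 2.4
# (Require syntax), name-based virtual hosting on port 80, and that
# this file is loaded before any other vhost (on Debian/Ubuntu, name it
# e.g. sites-available/000-default.conf so it sorts first).

# 1) Catch-all vhost: first in load order, answers every request that
#    arrived by bare IP, by a hostname we do not serve, or with no Host
#    header at all. Nothing is served, nothing is executed.
<VirtualHost *:80>
    ServerName default.invalid          # placeholder; never resolves
    DocumentRoot /var/www/empty         # placeholder, an empty directory

    # Deny the whole URL space regardless of what it maps to on disk,
    # so PHP handlers and aliases in other config never come into play.
    <Location "/">
        Require all denied
    </Location>

    # Keep the noise in its own log; it is a handy scan detector and
    # keeps the real site's access log clean.
    LogLevel warn
    ErrorLog  /var/log/apache2/catchall-error.log
    CustomLog /var/log/apache2/catchall-access.log combined
</VirtualHost>

# 2) The actual site, reachable only by the names listed here.
<VirtualHost *:80>
    ServerName  example.com             # placeholder
    ServerAlias www.example.com         # placeholder
    DocumentRoot /var/www/example.com   # placeholder

    <Directory "/var/www/example.com">
        Require all granted
        Options -Indexes                # no directory listings
        AllowOverride None              # no .htaccess surprises
    </Directory>

    ErrorLog  /var/log/apache2/example.com-error.log
    CustomLog /var/log/apache2/example.com-access.log combined
</VirtualHost>
```

To confirm the ordering took effect, run `apachectl -S` (or `apache2ctl -S`) and check that the `*:80` default server line names `default.invalid`. Then, from another machine, `curl -i http://<your-ip>/` should return 403 while `curl -i -H 'Host: example.com' http://<your-ip>/` returns your site. The same pattern applies to port 443: without a catch-all vhost there too, a TLS scanner connecting by IP lands on whichever SSL vhost loads first, and the certificate it is shown tells it your real hostname.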

  3. Re:Check your Internet Acceptable Use documents by StormReaver · Score: 5, Interesting

    Hosting is cheap, I don't see why you'd want to cancel it unless it's hurting the bank.

    Simple: control.

    I used pghoster for a while, because they provided PostgreSQL hosting. The service was fine until:

    1) They switched my hosting from Linux to BSD. That unnecessarily broke all my cron jobs, which I fixed with a fair amount of grumbling about time I didn't have.

    2) They made another infrastructure change. That unnecessarily broke all my cron jobs, which I fixed with a fair amount of grumbling about time I didn't have.

    3) They made some other change which broke my PHP, which I fixed with a fair amount of grumbling about time I didn't have.

    The bottom line was that they did not seek my input about what to change and when to change it. And their business model probably doesn't allow them to do so. After all, they have a lot of different users with a lot of conflicting demands. It's just the nature of shared hosting. I have no bad will towards the service, but the requirements of shared hosting are just incompatible with the requirements I have on my time.

    So I bought a cheap block of static IP addresses ($20 extra per month) that put me into the business class of customer; the class with the terms of service explicitly allowing me to run my own servers. I've been doing this for about six years now, and I would hate to ever have to return to shared hosting.

    And for those wondering why I didn't use a dynamic DNS service: I did, and they suck, suck, suck. But more importantly, I didn't want to find my Internet access sporadically terminated for violating terms of service.

    So yes, there are very good reasons for wanting to avoid the major hassles of shared hosting. For me, shared hosting's lack of control was a deal killer.