BleepingComputer.com: Setting up my own webserver

Hello all,

Recently I have embarked on the endeavor to run a small web server out of my house. After building the server and getting things all setup I have been plagued with hack attempts and DDos attacks to my IP (according to my router). I assume this problem to be largely related to the fact that I now have open ports on my router but as one could imagine, I would like them to stop. I am not attached to any particular flavor of Linux but that is what I would like to run in one form or another. What I am looking for is good reading material or advice on software and techniques I can use to secure my server.

Your ideas are appreciated

http://www.amazon.com/exec/obidos/ASIN/067232380X/dnssesecurthe-20
http://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-3rd/dp/0071740643/ref=sr_1_3?s=books&ie=UTF8&qid=1305259661&sr=1-3

Quote

Welcome to the wonderful world of system administration.
Your first decision is what you will be serving:
Web pages, FTP, email, irc, gaming, teamspeak... huge list.
If you are just running a web site with static html you can turn
off all unneeded services and block those ports at the router.
One of the top server OS's is EnGarde - http://www.engardelinux.org/
OpenBSD is also very secure - http://www.openbsd.org/
My first server OS was SME (e-smith) http://wiki.contribs.org/SME_Server:About
And i've also used tiny sofa (no longer maintained,but good secure OS) http://www.tinysofa.org/
Hope that helps.

It's unlikely that you're really the target of a DDoS attack unless you've gone and pissed someone off. Most any server administrator can show you their server logs with thousands of attempted break-ins. These are automated and are not much of a threat to a properly configured server.

Like raw suggested, find out what you need to have running and turn everything else off. Every added bit of software which faces the internet is another potential vulnerability.

Another strategy is to move applications from their default ports. This doesn't ipso facto make you more secure but it certainly weeds out 99% of the automated attacks.

If you're also running an SSH server for remote administration, disable root SSH logins and require certificate authentication.

Never, ever, ever run an internet-facing server daemon as root. Each daemon should have its own account and have only as much access to the system as is necessary.

Yeah my webserver is not for much, its primary purpose is a media server for its local network and its secondary purpose is to serve basic webpages / be a sandbox for me to mess around with. Ive since reformatted my machine with ubuntu 11.04 server, what do you guys think of this distro over some of the others mentioned? I would kind of like to stick with a debian base but I'm not 100% set on that. Also what do you think about things like webmin? Is running such an administration program just asking for trouble?

It may seem that you are a target of a DOS but adversaries are out there scanning every IP address owned by the US to gain access to our private and intelligence information. WHen you open port 80 you are probably catching these scan attempts. You will know when you are the target of a DOS.

Yeah, I figured as much. I only thought it was DDoS due to some of the router logs I had and the fact that my internet would be intermittent and/or slow at certain times. In any case I have since employed certain measure to help better protect myself ;)