Setting up my own webserver


5 replies to this topic

#1 The Pugilist

Posted 11 May 2011 - 07:54 AM

Hello all,

Recently I have embarked on the endeavor to run a small web server out of my house. After building the server and getting things all set up, I have been plagued with hack attempts and DDoS attacks to my IP (according to my router). I assume this problem to be largely related to the fact that I now have open ports on my router, but as one could imagine, I would like them to stop. I am not attached to any particular flavor of Linux, but that is what I would like to run in one form or another. What I am looking for is good reading material or advice on software and techniques I can use to secure my server.

Your ideas are appreciated :)
//Dave

#2 raw

Posted 12 May 2011 - 11:33 PM

http://www.amazon.com/exec/obidos/ASIN/067232380X/dnssesecurthe-20
http://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-3rd/dp/0071740643/ref=sr_1_3?s=books&ie=UTF8&qid=1305259661&sr=1-3

"I have been plagued with hack attempts and DDoS attacks"

Welcome to the wonderful world of system administration.
Your first decision is what you will be serving:
Web pages, FTP, email, IRC, gaming, TeamSpeak... huge list.
If you are just running a web site with static html you can turn
off all unneeded services and block those ports at the router.
One of the top server OS's is EnGarde - http://www.engardelinux.org/
OpenBSD is also very secure - http://www.openbsd.org/
My first server OS was SME (e-smith) http://wiki.contribs.org/SME_Server:About
And I've also used tiny sofa (no longer maintained, but good secure OS) http://www.tinysofa.org/
Hope that helps.

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#3 Andrew

Posted 13 May 2011 - 01:50 AM

It's unlikely that you're really the target of a DDoS attack unless you've gone and pissed someone off. Most any server administrator can show you their server logs with thousands of attempted break-ins. These are automated and are not much of a threat to a properly configured server.

Like raw suggested, find out what you need to have running and turn everything else off. Every added bit of software which faces the internet is another potential vulnerability.

Another strategy is to move applications from their default ports. This doesn't ipso facto make you more secure but it certainly weeds out 99% of the automated attacks.

If you're also running an SSH server for remote administration, disable root SSH logins and require certificate authentication.

Never, ever, ever run an internet-facing server daemon as root. Each daemon should have its own account and have only as much access to the system as is necessary.
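
The SSH points in the post above, written as a small audit of `sshd_config`. This is an example added here, not code posted by anyone in the thread. It assumes "certificate authentication" is met by OpenSSH public-key login with passwords turned off, and it assumes the defaults of a recent OpenSSH release; `parse_global`, `audit` and the two sample configs are constructed for illustration.

```python
import re

# Assumed defaults of a recent OpenSSH release, applied when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse_global(text):
    """Return (settings, ports, has_match) for the part before any Match block."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                    # keywords are case-insensitive
        tokens = parts[1].split() if len(parts) > 1 else []
        value = tokens[0].strip('"') if tokens else ""
        if key == "match":
            return settings, ports or ["22"], True
        if key == "port":
            ports.append(value)                   # Port may be given several times
        else:
            settings.setdefault(key, value)       # sshd keeps the first value seen
    return settings, ports or ["22"], False

def audit(text):
    """Return findings for the SSH advice in the post (empty list = all met)."""
    settings, ports, has_match = parse_global(text)
    def get(key):
        return settings.get(key, DEFAULTS[key])
    findings = []
    if get("permitrootlogin") != "no":
        findings.append("root login not disabled: PermitRootLogin " + get("permitrootlogin"))
    if get("passwordauthentication") != "no":
        findings.append("password logins accepted: set PasswordAuthentication no")
    if get("pubkeyauthentication") != "yes":
        findings.append("public-key login is off: set PubkeyAuthentication yes")
    if "22" in ports:
        findings.append("default port 22 in use: expect automated login noise")
    if has_match:
        findings.append("Match block present: its overrides are not audited here")
    return findings

# Constructed samples. In WEAK the later 'PermitRootLogin no' has no effect.
WEAK = "PermitRootLogin yes\nPermitRootLogin no\npasswordauthentication yes\n"
HARDENED = "Port 2222\nPermitRootLogin=no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, including values pulled in from included files, and is the better input for a check like this.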

#4 The Pugilist

Posted 13 May 2011 - 07:42 AM

Yeah, my webserver is not for much; its primary purpose is a media server for its local network and its secondary purpose is to serve basic webpages / be a sandbox for me to mess around with. I've since reformatted my machine with Ubuntu 11.04 Server. What do you guys think of this distro over some of the others mentioned? I would kind of like to stick with a Debian base but I'm not 100% set on that. Also, what do you think about things like Webmin? Is running such an administration program just asking for trouble?
//Dave

#5 cryptodan

Posted 08 June 2011 - 09:57 AM

It may seem that you are a target of a DoS, but adversaries are out there scanning every IP address owned by the US to gain access to our private and intelligence information. When you open port 80 you are probably catching these scan attempts. You will know when you are the target of a DoS.

#6 The Pugilist

Posted 08 June 2011 - 10:04 AM

Yeah, I figured as much. I only thought it was DDoS due to some of the router logs I had and the fact that my internet would be intermittent and/or slow at certain times. In any case, I have since employed certain measures to help better protect myself ;)
//Dave



