Risks involved with running a webserver at home

V

vsboxerboy

2[H]4U
Joined
Oct 17, 2005
Messages
3,661
Just curious - I have a separate box, no personal information on it but I was hoping to open it up to the interwebs to stream audio, make pictures available if I'm traveling, and stupid stuff like that.

Of course, these will be password protected but what risk am I running to the rest of the computers on my network by doing this?

The only relevant thread I could find is this:

http://hardforum.com/showthread.php?t=760500&highlight=risk

and that's pretty old
 
Well there are always risks. But if you put yourself a good firewall in place like Astaro or Untangle I wouldn't worry tooooooo much. I'd just upload my images to an online image host and carry my music on an iPod though and save myself the trouble. Unless you require more then that.
 
There's always possible loss of your internet when your ISP notices and cancels your account due to violation of TOS....if you have a home grade account.
 
YeOldeStonecat said:
There's always possible loss of your internet when your ISP notices and cancels your account due to violation of TOS....if you have a home grade account.
Click to expand...

Never heard of this happening unless the user was running a website for public use. I could be wrong, I guess...
 
Set up correctly it's safe, I have port 80 forwarded to my gaming rig where I have a web server hosting several test websites. As far as I know for my ISP in the UK hosting webservers is not against the terms of service.

It would be worth checking with your ISPs T&C to see if this is allowed or not, I don't see why not, traffic is traffic, most ISPs limit your upload bandwidth to stop you from hosting services but it's still possible for personal use and testing.
 
PrincessFrosty said:
It would be worth checking with your ISPs T&C to see if this is allowed or not, I don't see why not, traffic is traffic, most ISPs limit your upload bandwidth to stop you from hosting services but it's still possible for personal use and testing.
Click to expand...

Many also block those ports...so you cannot receive traffic on say..port 80 (web) or port 25 (SMTP).
 
PrincessFrosty said:
Set up correctly it's safe, I have port 80 forwarded to my gaming rig where I have a web server hosting several test websites. As far as I know for my ISP in the UK hosting webservers is not against the terms of service.
Click to expand...

And don't forget...vulnerability of said host machine...the machine could be compromised via its IIS service (can be easy and common on a Windows based web server)...so now someone has a backdoor to the inside of the rest of your LAN. So even though port 80 for example may be opened/forwarded to your gaming rig....they could compromise your gaming rig via that port..and now be able to access the rest of your LAN if you have other rigs.
 
I think what Stonecat is trying to say is drop a few bucks a month on web hosting :)
 
Himachi?
OpenVPN?

why host when you can connect to your own computer and just get things..
 
I guess I can find a more secure way to do it, but what I want is this:

Access my pictures from anywhere (I don't like uploading everything to flickr or or other 3rd party sites)
Accsss to my music on my Android phone
Browser based option for VPN in a pinch (I suppose this can be done more securely with logmein or equiv)
But mostly, I just like playing around
 
Oh and side note: how much more of a security issue is this than opening a port for, say, uTorrent? (ISP issues aside...but if anyone knows AT&T's terms that would save me looking it up for the above issues)
 
vsboxerboy said:
Oh and side note: how much more of a security issue is this than opening a port for, say, uTorrent? (ISP issues aside...but if anyone knows AT&T's terms that would save me looking it up for the above issues)
Click to expand...

The security issue with torrents/p2p junk isn't so much the ports or access...but the poisoned content...what you "think" is that song or movie you're looking to get for free..you play it, and unknown to you..through playing it a trojan/back door gets quietly and discretely installed into your computer and tada...you're a member of a netbot army without knowing it. It could activate right away...or remain dormant on your system for a few months or more until being called into duty.
 
Ah no, I get the part about trojans and other malware, but what is the difference between opening port 80 and port xxxxx?
 
I've done both mail and web at home. Now the web server at home is used if I need a file, I just drop it there and then DL it. The webserver has 2 directories, 1 with user/pw, the other open. Typically I delete the files when done using them. The box it is hosted on uses a unique user/pw combo also.
 
Instead of a port-forward into your LAN, you could always put the server into a DMZ. Get a firewall with three distinct interfaces (or build something like pfSense) and now the server is not on your LAN at all. You get the best of both worlds. All the protection of a firewall to that box (still only open port 80) but no chance of a compromise to the rest of your LAN assuming you set it up correctly. Of course, you might still compromise that box, but that's true no matter what. At least nothing else in your LAN will be at risk.

Do you get more than one public IP?
 
I have an AT&T microcell which MUST be placed in the DMZ to function correctly - my AT&T router won't allow more than one DMZ - I think I would need to get a better router to do this or build a box. I don't really want to have this much equipment running though if at all possible. This is really more of a rec hobby than anything else.

I assume that changing the workgroup for the server wouldn't make a huge difference, right?

But thanks for the continuing help and input...I appreciate it :)
 
vsboxerboy said:
Ah no, I get the part about trojans and other malware, but what is the difference between opening port 80 and port xxxxx?
Click to expand...

because port 80 is the default common port and more people don't know to change it or to be bothered, also the hassle of telling people "go to www,hardforums.com:12345"
 
Gotcha, I guess it's mostly that I don't know HOW people try to get into (I hate the word hack...) systems and networks. I would figure some sort of automated port scan for port 80 across the range of public IPs could be a first step?

I can change the port to something else. I'm sure if I consult the oracle (google) I'll find out how to do this. After all, it's mostly going to be me accessing the server.
 
I know how you feel about uploading pictures to websites. Have you tried google's picasa ? I paid 5$ and got 20 gigs of space. I upload ALOT of pictures to it. "SOME" photo's are not visible to the public only to my self. I can view them when ever i want and probably don't have to worry about backing them up :)

Jase
 
I use flickr at the moment, but I would like to be able to set allowances for individuals rather than only ALL, FRIENDS, or FAMILY. I'll have to check out picasa some more. I already use the desktop version because it makes is so easy to tag and geotag
 
You must log in or register to reply here.
Back
Top