Home webhosting and such

The epic project of getting Demigod to work on our minuscule family network (thanks, Brad! You dick!) has left me feeling pretty experienced in dealing with matters related to getting shit to work vis-à-vis internets and routers. Which obviously means I’m so ignorant of how things work that I don’t even have the faintest idea of what I don’t know and I’ll probably give up due to the impossibility of maintaining it all. But, hey, I’ll be unemployed soon, so I figure I might as well be providing something for the fam while I’m looking for work!

I’m reading all sorts of nifty tutorials (on Lifehacker most notably because they’re well written if somewhat elderly, but lots of other places as well) during class and, get this, I understand what most of the words mean without even looking them up! Holy crap! And last night I used netsh to reset a TCP/IP stack because I knew it needed to be done and I was right and it worked! Holy crap the jargon! Holy crappity crap is this stuff nerdy!

What I’m especially interested in (besides recommendations for good freeware and tutorials!) are a couple of fairly specific questions that, frankly, I’d rather not have answered by the vox populi. And where better to avoid the vox pop than on this erudite forum of monocle wearing tapirs? Nowhere, that’s where!

What are the practical security and usability concerns of opening up frequently scanned ports like 25, 80, or 8080 for use with these sorts of projects? Will setting up a sufficiently complex password be enough, or will I have to deal with constant barbarian incursions?

Will opening these ports interfere with standard internet access? Will running stuff on them interfere with VPNs?

And, most importantly, will I get the pants sued off me if I run a private ftp for my family?

Thanks guys!

I run a home Linux server, and I leave 80 open for Apache and 22 open for SSH and a few more ports for sundry purposes. I also make sure to keep up to date on patches. I’ve never had a serious problem.

If you want to self-host some basic web pages and files for family, it’s a good little project to get your feet wet technically, but I strongly recommend setting up a separate PC to be your server. This has three big benefits. One, if a security violation occurs your personal PC, which probably has more sensitive stuff, isn’t exposed. Two, it keeps any spikes in server usage from impacting the performance of your main PC. Three, you are freer to experiment. If you really bork up your server or suspect it’s been hacked you can just wipe and reload with no fear of consequences. Reloading your main PC with all your personal files and games and so forth is a much more daunting prospect.

Basic web hosting and FTP fileserver are trivially easy jobs for modern computers really; I just yesterday threw away the Pentium II system that was my Linux server up until last year. So any old PC you have in the closet or can pick up off Craigslist for $50 is going to do the job fine.

Some ISPs filter out incoming connections to those ports, so they might not be publicly reachable anyway, so you might have to test if they’re accessible from somewhere else. Opening them won’t interfere with anything, though.

As for security concerns, passwords alone aren’t really good enough (a password on what specifically, anyway?) since attacks may occur at a more fundamental server or PHP level before passwords are even checked. You really need to make sure that your web server is kept patched, and that includes the OS and any web services and things invoked by it (PHP, perl, databases, web applications, etc.).

I had my web server hacked once because I’d installed ‘awstats’ at one point and then forgotten about it, so it was still unpatched when an injection vulnerability was discovered and spread around.

And as for getting sued, well, it might violate the terms of your ISP’s service agreement. But they seem not to care too much if it’s private, low-traffic stuff, and the worst they’d do is tell you to knock it off.

(And if you’re installing an SMTP server, as implied by wanting port 25, be really, really careful about its configuration. In particular, you don’t want it to act as an open relay or you’ll be forwarding tons of spam email in no time.)

I have to say, it’s not worth it. You can get web hosting for, what, $5 a month or so? It’ll be less of a headache, and it won’t be violating your ISP’s TOS, either.

Unless you just want to play with being a sysadmin, I guess, in which case your other option is $15 a month for a virtual machine.

Like any self respecting Dwarf, I’m doing this because it is a needlessly over-engineered solution to a problem that doesn’t exist! I’ve even taped some spikes onto the “server” so that it can menace more effectively!

That’s about what I figured. I’m only doing this because I happen to have a couple of (elderly and fubared) computers I picked up from a friend whose office went out of business a couple of summers ago. Taking them apart (and sometimes even putting them back together again!) taught me a good bit about computers, so I figured I’d try to continue the self education.

It’s good to know that I won’t accidentally blow up everything so long as I’m careful and practice good computing!

I’d read some stuff along those lines, but it’s good to have confirmation. Danke!

(And if you’re installing an SMTP server, as implied by wanting port 25, be really, really careful about its configuration. In particular, you don’t want it to act as an open relay or you’ll be forwarding tons of spam email in no time.)

It’s something I’m thinking about, but the more reading I do on the subject the less I understand. So it might have to wait. Anyway, thanks!

Well, if you want to run your own game server for a few friends, or not comply with space restrictions, hosting your own can be a good deal. I’ve been running a Dominions 3 server for QT3 use for years and years and it’s certainly nothing I’d have done if I had to pay $15 a month for the privilege.

Yeah, SMTP should be the last thing you muck with hosting yourself. Truly. You can get yourself in trouble and your ISP mad at you if you accidentally set up a spam relay.

It occurs to me that that would be a great use for Amazon’s EC2 cloud stuff. Create a game server image, set it up when you’re ready to play, and shut it down when you’re done. You’ve got Amazon-level bandwidth and you’ll probably only end up paying 30-40 cents a game session.

(Okay, mostly I just think EC2 is really cool, and have been trying to imagine how I could use it for something.)
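
Added example, not part of the original thread: one way to check your own mail server for the open-relay misconfiguration that the posts above warn about, using Python's standard smtplib. The host name, the probe addresses and the FakeSession stand-in are constructed for illustration; no message is ever sent.

```python
import smtplib


def check_open_relay(host, port=25, smtp_factory=smtplib.SMTP,
                     sender="probe@outside-a.example",
                     recipient="probe@outside-b.example"):
    """Ask your own server to relay between two domains it does not host.

    Returns (is_open_relay, reply_code, reply_text). The transaction is
    reset as soon as the RCPT TO reply arrives, so nothing is delivered.
    """
    smtp = smtp_factory(host, port, timeout=10)
    try:
        smtp.ehlo_or_helo_if_needed()
        code, msg = smtp.mail(sender)
        if code == 250:
            code, msg = smtp.rcpt(recipient)
            smtp.rset()
            # 250/251 on RCPT TO means the server agreed to forward mail
            # from a stranger to a domain it does not own: an open relay.
            if code in (250, 251):
                return True, code, msg.decode("ascii", "replace")
        return False, code, msg.decode("ascii", "replace")
    finally:
        try:
            smtp.quit()
        except (smtplib.SMTPException, OSError):
            pass


class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the demo runs offline."""
    def __init__(self, rcpt_reply):
        self.rcpt_reply = rcpt_reply
    def __call__(self, host, port, timeout=None):
        return self
    def ehlo_or_helo_if_needed(self): pass
    def mail(self, sender): return 250, b"2.1.0 Ok"
    def rcpt(self, recipient): return self.rcpt_reply
    def rset(self): return 250, b"2.0.0 Ok"
    def quit(self): return 221, b"2.0.0 Bye"


if __name__ == "__main__":
    locked = FakeSession((554, b"5.7.1 Relay access denied"))
    wide_open = FakeSession((250, b"2.1.5 Ok"))
    print(check_open_relay("mail.home.example", smtp_factory=locked))
    print(check_open_relay("mail.home.example", smtp_factory=wide_open))
```

Against a real server, run it from a machine outside your home network: a server normally relays for its own LAN, so a test from inside can report a relay that outsiders would not get.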