Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Basic web security question: what should I do to secure personal web server?

  1. #1
    Join Date
    Nov 2006
    Beans
    231

    Basic web security question: what should I do to secure personal web server?

    Hi everyone,

    I just installed owncloud (an open-source cloud solution that you can host on your own desktop). Now, when I browse to myservername.com/owncloud I can access the web interface from anywhere in the world. Cool!

    I am a bit worried though of having my personal desktop computer so exposed though. It seems that if I place any file in /var/www I can access this file through my browser. Is this ok? Is there anything I should know, or do to make sure that my personal web server is secure?

    Thank you for any advice!

  2. #2
    Join Date
    Jul 2007
    Location
    Magic City of the Plains
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Basic web security question: what should I do to secure personal web server?

    Not an Ubuntu support question, moved to Cafe.

  3. #3
    Join Date
    Jan 2009
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Basic web security question: what should I do to secure personal web server?

    Hi quickk,

    If there are any applications or services running that can be accessed from the internet I'd recommend locking them down.

    You can see which ports are listening by running the following command:
    Code:
    sudo netstat -anltp | grep "LISTEN"
    It seems that if I place any file in /var/www I can access this file through my browser.
    This is normal.

    Regards,
    ubudog

  4. #4
    Join Date
    Jan 2012
    Location
    Davenport, Iowa
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Basic web security question: what should I do to secure personal web server?

    What about an .htaccess file, perhaps?

  5. #5
    Join Date
    Jan 2007
    Beans
    6,543
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Basic web security question: what should I do to secure personal web server?

    First things first, make sure you know what services you've got running (eg: SSH, FTP). Cut off access to everything else. Make sure you know how to secure what you do have running. Make sure you've got strong passwords and use something like Fail2ban or Denyhosts, if only to stop the script kiddies from filling your logs up with nonsense.

  6. #6
    Join Date
    Mar 2013
    Beans
    25
    Distro
    Lubuntu 12.10 Quantal Quetzal

    Re: Basic web security question: what should I do to secure personal web server?

    Why not just sign up for a free tier of of Amazon EC2?

    http://aws.amazon.com/ec2/

    If you can install it on your local machine you can run it here. Sign up for the micro instance (its free for 1 year running constantly) and choose ubuntu server 12.04. You can assign an IP to it and everything. Would definitely recommend as you won't be putting all of your data and personal stuff at risk.

  7. #7
    Join Date
    Apr 2006
    Location
    UK
    Beans
    6,646
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Basic web security question: what should I do to secure personal web server?

    Quote Originally Posted by itrogers View Post
    Why not just sign up for a free tier of of Amazon EC2?

    http://aws.amazon.com/ec2/

    If you can install it on your local machine you can run it here. Sign up for the micro instance (its free for 1 year running constantly) and choose ubuntu server 12.04. You can assign an IP to it and everything. Would definitely recommend as you won't be putting all of your data and personal stuff at risk.
    This is a bit misleading... There is no genuine "free" tier - only a 12-month free period. And credit card details are still required (therefore, only available to over 18s).
    So this is only really an option if you are prepared to pay for (or abandon) the service after 12 months.

  8. #8
    Join Date
    Mar 2013
    Beans
    25
    Distro
    Lubuntu 12.10 Quantal Quetzal

    Re: Basic web security question: what should I do to secure personal web server?

    Quote Originally Posted by ugm6hr View Post
    This is a bit misleading... There is no genuine "free" tier - only a 12-month free period. And credit card details are still required (therefore, only available to over 18s).
    So this is only really an option if you are prepared to pay for (or abandon) the service after 12 months.
    It is what it is. I'm sure one can make the case that after the year the 2 cents per hour is worth the added security. Just offering a solution.

  9. #9
    Join Date
    Jan 2012
    Location
    Davenport, Iowa
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Basic web security question: what should I do to secure personal web server?

    He just wants to know how to make his home cloud server more secure. -Not the caveats to Amazon Cloud services. Honestly, why send someone to Amazon when they're interested in learning more about home server security. That's a bit counter-intuitive don't you think? Especially since the solution he's using is already set up and configured.

  10. #10
    Join Date
    Nov 2006
    Beans
    231

    Re: Basic web security question: what should I do to secure personal web server?

    Thank you everyone for your replies. I believe that I have a strong password, and the only services that I have running are ssh at http access. I've had ssh running for years without any problems, but I don't really know anything about adding http access. So far so good, and I'll read up on .htaccess. I had encountered some suggestions about .htaccess during some google searches but the information was conflicting. As far as I could figure out, it seems that using .htaccess files was deprecated, and that you had to configure apache2 instead (warning: I don't really know what I'm talking about here!). The Fail2ban or Denyhost options look interesting... thanks!

    Apart from the future cost, the Amazon services are not what I am looking for because I want to have full control/ownership of my data. Also, I'm pretty sure that I can't get hundreds of gigabyted served on Amazon for free.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •