Got any security advice for setting up a locally hosted website/external service?
-
wrote on last edited by [email protected]
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
Cloudflare has a free tier for their security services. Worth checking out IMHO -> https://www.cloudflare.com/plans/free/
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
I’m an absolute rookie here who listens to absolute pros and try to understand stuff. Here’s what Ive got:
You don’t want to do this from your home network. Ideally you have a VPS running some entry level (unsure but my guess is you filter humans from bots )stuff then tunnel back things from there to your home network. You can use other solutions to do this (i think) like clouflared with a d. Also having a static ip as a consumer is rare afaik so unless you did specifically requested your ISP your ip might change the worst possible time (this im talking from experience lol)
Oh and ofc the modern problems like the ai scrapers who’ll do 300 parse a sec if there’s any info for them to feed on.
That’s all the scary stuff I could muster from memory and exp.
I hope it helps and I’m not sure about any of this but I believe these are topics you could look up and educate yourself also feel free to correct me anywhere here -
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
wrote on last edited by [email protected]Is it running on a dedicated machine? Than what's the worst that could happen? Say someone hacks your website and gains root access to your machine. Maybe they'll fuck up your website. Maybe they'll install some botnet software. But you can basically just flash your device and restart from a backup. No biggie!
The best defence, in my opinion, is awareness and a good backup plan.
But also, if you have a static website with no login or anything, a hacker can't login either. Maybe you've got an ssh connection? That's pretty secure, just make sure you've got it set up correctly and you've got a good password. Maybe you have some login from apache? Same as with the ssh, but if you don't actively use it, you could disable it.
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
Since you're using Ubuntu you can probably sign up for Ubuntu Pro, free for personal use last I checked. This provides you with additional security updates. (I would suggest using the LTS branch)
Look into hardening your os and apache installation. Such as using certificate based authentication exclusively for SSH.
Put this box on a separate network (such as a DMZ).
Create regular backups and do recovery drills to insure it's working as expected.
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
Are that static pages or are they dynamic with written with some scripting language like php, python or ruby or so? Static pages without any programming are much more secure.
You should set up a schedule to regularly do updates and backups. Maybe even automate them if you can.
If you isolate the server from the rest of your network there isn't a lot someone can do if they do manage to hack it.
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
wrote on last edited by [email protected]Also [email protected]
-
Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
If you're hosting static content it's a lot easier. If you've only opened ports 80/443 and don't have any kind of user input or scripting you're (probably) fine. Most likely you'd get DOS'd before someone would hack you. Assuming you're keeping your software up to date.
In general though limit what is exposed to the Internet. In this case don't open any extra ports.
If you want to be more secure (likely overkill for most threat models), treat your webserver like it's always infected. Don't do anything else important on it, and keep it segmented from your other computers with firewall rules.
Realistically no one is going to bother to hack you unless you're posting shit that makes people angry. You're mostly going to get prodded by bots looking for known vulnerabilities in Apache or the like, and you can stay protected with frequent updates.
If you're hosting something dynamic or with code like PHP or something with user accounts and the like, then it's slightly more complicated.
