Hosting a website from home - Privacy/Security concerns

KIA said:
VPN IP could change at any moment.
Click to expand...

You have a very fair point! That really does sound I've no other choice but to go ahead and order myself some hosting on that note. I'm looking for cheap hosting whilst the site is under construction.

I currently have the URL and I'm in the progress of building the website as we speak!

Thanks people!
 
Ev0 said:
Out of interest what's the/is there a risk in running your firewall and the stuff behind it virtualised all on the same hardware?

I've not really looked into virtualisation security so not sure if it's even an issue or not.
Click to expand...

You can route everything via the VM so that the VM has the connection to the internet while your PC has it's gateway as the VM. Essentially you can make your PC much more secure by doing this as the traffic has already been filtered before it gets back to your PC.



M.
 
SaltandSauce said:
It seems like both you and I are on the same wavelength. As it stands, my HP Proliant only has 8GB of RAM, but for a simple website, I can't imagine this causing a great deal of trouble.

I was hoping you could tell me a little bit more about your three virtual machines and how they all work hand in hand. You mentioned the following: One acts a Proxy and run mod security, one is a normal web server and the other is the DB server.

What proxy and mod security do you have in place on your first VM? On your second, what webserver are you currently using? As for the third, I don't intend on storing any details so the use for a DB would be unnecessary.

You also mentioned your Juniper firewall and how that has been configured. Since I don't have the luxury of owning one of these, would pfSense be my next best option whilst running through another VM? Would this be required if my site was hiding behind my VPN?
Click to expand...

I run a proxy as an application firewall to protect my site. This runs apache with a mod called mod_proxy and mod_security. The web server is also apache. The db sever runs MySQL which runs the backend of my site. I will freely admit this is ott but i know how to do it so I did it.

pfsense can do the same, all it does is give a separate hosting network when I can tune it and restrict it, for example place band width limits. My aim next is to place a cisco type router in so this traffic doesn't even enter my home network.

I used to have my own host at fasthosts but £80 a year for one site was to me a rip off. Now I host 3 sites and I have total control. Yes it has its downsides of no HA but if the site went for a day nobody would care. I would say read up give it ago its a great learning experience.

My server is also used to support dns/dhcp at home. It also stores backups and all my media. So it gets a pretty good work out.
 
Last edited:
Are you sure your isp aup allows commercial hosting from your home? What happens when the connection goes down and there's no sla? You say tough to the customer?
 
m4cc45 said:
You can route everything via the VM so that the VM has the connection to the internet while your PC has it's gateway as the VM. Essentially you can make your PC much more secure by doing this as the traffic has already been filtered before it gets back to your PC.

M.
Click to expand...

I understand that bit, if you run the VM on one piece of hardware, and your pc is on different hardware sitting behind it yeah you're right.

But I'm talking about running 2 VMs on the same hardware, one being the firewall and the other being whatever you're serving up et al.

Whilst I know that within the VMWare software you can set up all the networking 'virtually', you're still relying on the security of the underlying software to make sure everything is hunky dory.

Would it be conceivable that there could be a vulnerability at the VMWare level that would give access to any machines running under the same hardware, whether they are setup to be segregated or not?

As said I have no idea whether this would be a worry or not, but with my security hat on on the face of it running your firewall/filter etc on the same hardware as whatever is sitting behind it could be an issue under certain circumstances.

Just interested to know if that's a scenario that could happen or not, however unlikely.
 
m4cc45 said:
You can route everything via the VM so that the VM has the connection to the internet while your PC has it's gateway as the VM. Essentially you can make your PC much more secure by doing this as the traffic has already been filtered before it gets back to your PC.
Click to expand...

This is definitely something I'm going to look into when I have a little bit more free time on my hands. The likes of pfSense running on a VM sounds like a great idea from a security perspective!
 
matthab said:
I used to have my own host at fasthosts but £80 a year for one site was to me a rip off. Now I host 3 sites and I have total control. Yes it has its downsides of no HA but if the site went for a day nobody would care. I would say read up give it ago its a great learning experience.
Click to expand...

Thanks for the inspiration! This is definitely something I'm going to read up on as it sounds like an interesting side project, whilst at the same time, putting my server to some more good use!

On another note, have you ever had a DDOS attack that has brought down your network? Or are you hiding behind a firewall?
 
SaltandSauce said:
Thanks for the inspiration! This is definitely something I'm going to read up on as it sounds like an interesting side project, whilst at the same time, putting my server to some more good use!

On another note, have you ever had a DDOS attack that has brought down your network? Or are you hiding behind a firewall?
Click to expand...

No DDOS at the moment. Cant see it being an issue as the sites dont generate that sort of attention.
 
I was going to drop you a PM but unfortunately it doesn't look like we've got that facility via the OC forum. Is there particular sites you would recommend that I begin reading through in order to get myself started? Like another member previously stated, it would even be good to get a basic website up and running using my server as temporary hosting before making the siwtch over to dedicated hosting company.

As it stands, I'm only really looking for some basic hosting as I doubt my site will bring in a great deal of traffic. It's not going to be an e-commerce site or anything of that sort that would be expected to bring in a great deal of traffic. Instead, it will be a personal blog that should be fairly quiet.

Rather than spend the cash (no matter how low) I'd rather try and see how I get on using a number of Virtual Machines instead. Could you please link me to a few sites that you recommend I give a read to get myself started? pfSense obviously being one of them. The one thing I'm not entirely sure on is what OS to run my site on to begin with?!
 
Is your sites currently hiding behind any sort of VPN? Or is your firewall configured that you're not too concerned with your home IP being out in the open?
Click to expand...

Nope straight out to the open. Im not to concerned as my IP appears in many online services. Just having a good firewall policy and OS lockdowns is essential.

I was going to drop you a PM but unfortunately it doesn't look like we've got that facility via the OC forum. Is there particular sites you would recommend that I begin reading through in order to get myself started? Like another member previously stated, it would even be good to get a basic website up and running using my server as temporary hosting before making the siwtch over to dedicated hosting company.

As it stands, I'm only really looking for some basic hosting as I doubt my site will bring in a great deal of traffic. It's not going to be an e-commerce site or anything of that sort that would be expected to bring in a great deal of traffic. Instead, it will be a personal blog that should be fairly quiet.

Rather than spend the cash (no matter how low) I'd rather try and see how I get on using a number of Virtual Machines instead. Could you please link me to a few sites that you recommend I give a read to get myself started? pfSense obviously being one of them. The one thing I'm not entirely sure on is what OS to run my site on to begin with?!
Click to expand...

Its up to you and depends how much time you have available.

To start its allways best to have some basic understanding. So a simple set up would be, Home router port forwarding to your web server. No pfsense required there. This will cost you next to nothing so try that and grow from there.

You OS is your choice. I choose CentOS as its free and is based on RedHat which makes it a nice platform to work with. It also uses very little resources. You can use something like XAMPP http://www.apachefriends.org/en/xampp.html which will install Apache/PHP/mysql etc for you (If you want to use wordpress mysql is needed).

A quick 5 second google showed this guide which could help:

http://net.tutsplus.com/tutorials/php/how-to-setup-a-dedicated-web-server-for-free/
 
Sorry for the late response but I just wanted to say thanks very much for the sound advice matthab, it comes much appreciated.

In the end, I decided to go ahead and order some cheap hosting instead. I thought it seemed the sensible option whilst I attempt to build a website from the ground up. That being said, when I get a little more time, I'll certainly be looking into pfSense and the likes of XAMPP to help build up my technical knowledge.
 
For others looking here, I just read about something called ngrok - that may be a good for for secure access to website running on a home server.
 
You must log in or register to reply here.
Back
Top Bottom