Hey there! Sign in to join this conversationNew here? Join for free
    • Thread Starter
    Offline

    0
    ReputationRep:
    So I opened port 80 on router at home and downloaded Apache then changed its configuration to make a public website. I told an instructor at uni this and she gave me a funny look and said I'm letting the whole world in by doing that, or something along those lines.

    So what exactly are the security flaws in doing this?
    Offline

    17
    ReputationRep:
    Well for starters you do not host websites on a router. Routers are for routing, not storing data. What you are probably doing is hosting on your PC and using your router as a public gateway for people to access your website (since your PC won't have a public IP).

    Opening port 80 means people can send requests to download your website. Great. It also means they can send whatever else they like to port 80. If you haven't configured any security settings (e.g. a firewall that only allows HTTP traffic through port 80) then it's like opening a door. If you imagine your router has thousands of doors (ports) which are locked by default, opening one is like leaving the door unlocked. Anyone can just walk in.
    • TSR Group Staff
    Offline

    18
    ReputationRep:
    At worst, you're opening yourself up to a Denial of Service attack. If the machine you're serving data from had a security flaw it's possible an attacker could exploit it, but Apache is generally very robust so this isn't particularly likely to happen. Unless the website itself is insecure, but that's a whole different can of worms.

    Thing is, there are many sites that offer free basic web hosting. Serving the content yourself generally isn't a very practical idea, especially since it means you need to keep a computer running 24/7 - that's a lot of electricity and machine wear costs to consider.
    Offline

    1
    ReputationRep:
    If you're going to host it in your own better make sure that you set up your host propery do some server hardening on your machine install firewall protection, proper user previlleges *linux users*, keep your system up to date, for the sake of ddos attack mitigate it with cloudflare and install a https. For the question what are the security flaws in, just search for those that I mentioned above if those are not setup in the server. And last even how secured your box if your website has a flaw for xss attack, sql injection, mitm(man in the middle) then your server will still be comprimised but if the user permission is installed correct it will be lessesn, so i suggest to use a framework in developing your site.

    Well, If the site is that important why create in-house server? Maintaning it is really costly there's a lot of cheap cloud server out there amazon(1 yr free trial using CC), digitalocean $5 a month, linode and many more. They had their best engineers so you don't need to worry about the hard stuff .
 
 
 
Reply
Submit reply
TSR Support Team

We have a brilliant team of more than 60 Support Team members looking after discussions on The Student Room, helping to make it a fun, safe and useful place to hang out.

Updated: February 15, 2017
  • See more of what you like on The Student Room

    You can personalise what you see on TSR. Tell us a little about yourself to get started.

  • Poll
    What newspaper do you read/prefer?
    Useful resources
  • See more of what you like on The Student Room

    You can personalise what you see on TSR. Tell us a little about yourself to get started.

  • The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

    Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

    Quick reply
    Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.