So I opened port 80 on my router at home and downloaded Apache, then changed its configuration to make a public website. I told an instructor at uni this and she gave me a funny look and said I'm letting the whole world in by doing that, or something along those lines.
So what exactly are the security flaws in doing this?
Why is it bad to host a website on your router?
- Thread Starter
Last edited by KillChrist; 08-02-2017 at 03:09.
- 08-02-2017 03:06
- 10-02-2017 16:56
Well for starters you do not host websites on a router. Routers are for routing, not storing data. What you are probably doing is hosting on your PC and using your router as a public gateway for people to access your website (since your PC won't have a public IP).
Opening port 80 means people can send requests to download your website. Great. It also means they can send whatever else they like to port 80. If you haven't configured any security settings (e.g. a firewall that only allows HTTP traffic through port 80) then it's like opening a door. If you imagine your router has thousands of doors (ports) which are locked by default, opening one is like leaving the door unlocked. Anyone can just walk in.
- TSR Group Staff
- 13-02-2017 12:35
At worst, you're opening yourself up to a Denial of Service attack. If the machine you're serving data from had a security flaw it's possible an attacker could exploit it, but Apache is generally very robust so this isn't particularly likely to happen. Unless the website itself is insecure, but that's a whole different can of worms.
Thing is, there are many sites that offer free basic web hosting. Serving the content yourself generally isn't a very practical idea, especially since it means you need to keep a computer running 24/7 - that's a lot of electricity and machine wear costs to consider.
Last edited by Dez; 13-02-2017 at 12:37.
- 15-02-2017 10:13
If you're going to host it on your own, better make sure that you set up your host properly: do some server hardening on your machine, install firewall protection, set proper user privileges *linux users*, keep your system up to date, mitigate DDoS attacks with Cloudflare, and install HTTPS. For the question of what the security flaws are, just search for those that I mentioned above, if those are not set up on the server. And lastly, no matter how secure your box is, if your website has a flaw for XSS attack, SQL injection, MITM (man in the middle), then your server will still be compromised, but if the user permissions are set up correctly it will be lessened, so I suggest using a framework in developing your site.
Well, if the site is that important, why create an in-house server? Maintaining it is really costly. There are a lot of cheap cloud servers out there: Amazon (1 yr free trial using CC), DigitalOcean $5 a month, Linode and many more. They have their best engineers so you don't need to worry about the hard stuff.
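An added example, not part of any post in this thread: one way to check the firewall and hardening advice above is to list which services on the hosting PC accept connections from other machines and compare them with the one port meant to be public. The `ss -tlnH` sample output is constructed, and the function name and the port-80 allowlist are assumptions made for illustration.

```python
# Constructed sample of `ss -tlnH` output (listening TCP sockets, numeric, no header).
SAMPLE_SS = """\
LISTEN 0 511        0.0.0.0:80        0.0.0.0:*
LISTEN 0 128        0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0 80       127.0.0.1:3306      0.0.0.0:*
LISTEN 0 511           [::]:80           [::]:*
LISTEN 0 50               *:445             *:*
LISTEN 0 4096         [::1]:631          [::]:*
"""


def classify_listeners(ss_output, intended_public=frozenset({80})):
    """Sort listening ports into intended, unexpected, and local-only.

    intended_public is the (assumed) set of ports meant to be reachable
    from outside, here only the web server's port 80.
    """
    result = {"intended": set(), "unexpected": set(), "local_only": set()}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # skip blanks, headers, other states
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        addr = addr.split("%", 1)[0]      # drop interface scope such as %lo
        if addr.startswith("127.") or addr == "[::1]":
            result["local_only"].add(port)    # loopback: not reachable remotely
        elif port in intended_public:
            result["intended"].add(port)
        else:
            # wildcard or LAN address: other hosts can connect to this service
            result["unexpected"].add(port)
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    for kind, ports in classify_listeners(SAMPLE_SS).items():
        print(f"{kind:11} {ports}")
```

On a real host, pass in the output of `ss -tlnH`; anything listed under `unexpected` should be stopped, bound to loopback, or blocked by the host firewall.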