Hey there! Sign in to join this conversationNew here? Join for free
Turn on thread page Beta
    • Thread Starter

    So I opened port 80 on router at home and downloaded Apache then changed its configuration to make a public website. I told an instructor at uni this and she gave me a funny look and said I'm letting the whole world in by doing that, or something along those lines.

    So what exactly are the security flaws in doing this?
    • Community Assistant

    Community Assistant
    Well for starters you do not host websites on a router. Routers are for routing, not storing data. What you are probably doing is hosting on your PC and using your router as a public gateway for people to access your website (since your PC won't have a public IP).

    Opening port 80 means people can send requests to download your website. Great. It also means they can send whatever else they like to port 80. If you haven't configured any security settings (e.g. a firewall that only allows HTTP traffic through port 80) then it's like opening a door. If you imagine your router has thousands of doors (ports) which are locked by default, opening one is like leaving the door unlocked. Anyone can just walk in.
    • TSR Group Staff

    TSR Group Staff
    At worst, you're opening yourself up to a Denial of Service attack. If the machine you're serving data from had a security flaw it's possible an attacker could exploit it, but Apache is generally very robust so this isn't particularly likely to happen. Unless the website itself is insecure, but that's a whole different can of worms.

    Thing is, there are many sites that offer free basic web hosting. Serving the content yourself generally isn't a very practical idea, especially since it means you need to keep a computer running 24/7 - that's a lot of electricity and machine wear costs to consider.

    If you're going to host it in your own better make sure that you set up your host propery do some server hardening on your machine install firewall protection, proper user previlleges *linux users*, keep your system up to date, for the sake of ddos attack mitigate it with cloudflare and install a https. For the question what are the security flaws in, just search for those that I mentioned above if those are not setup in the server. And last even how secured your box if your website has a flaw for xss attack, sql injection, mitm(man in the middle) then your server will still be comprimised but if the user permission is installed correct it will be lessesn, so i suggest to use a framework in developing your site.

    Well, If the site is that important why create in-house server? Maintaning it is really costly there's a lot of cheap cloud server out there amazon(1 yr free trial using CC), digitalocean $5 a month, linode and many more. They had their best engineers so you don't need to worry about the hard stuff .
“Yanny” or “Laurel”
Useful resources

The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE

Write a reply...
Reputation gems: You get these gems as you gain rep from other members for making good contributions and giving helpful advice.