Hosting a website for private use, safety

25 pts.
Tags:
Security
Website security
I'm planning to host a website for myself from a Raspberry Pi. I pretty much know how to do that there's enough information on the internet already. But my question is about security, lots of other sources say about how dangerous home-hosting a website is however they only spoke about public websites. What if it’s just me using (and knowing about) this website how risky is it, will I still need complex security and constant software updates, which I nether have time or knowledge to-do. So here are my main questions: - Can I just type my server's IP address and port number and access my website or will I need to purchase a domain name? - Will it show up on search engines do I need to worry if it does? - Are other devices on my home network at risk even if I put in a DMZ on my router? - Is it possible to only send data to users after they have put in user-name and passwords would that make it safe? (Still only me who ‘s accessing it by the way) - Is it possible to restrict certain IP addresses from communicating with the server I realize that IP's can be changed but just wondering if it’s possible. Thanks M
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

http://en.wikipedia.org/wiki/Raspberry_Pi

You can access your website using only the IP address/port number like this: http://<IP address>:<port number>. I would suggest that you configure the web server to run on a port other than port 80, say 15231 or some other number of your choosing. As ISP assigned addresses are usually dynamic, you can register with a service that provides a domain name that works even when your IP changes. One such service is DynDNS. 
As far as the search engines go, you can create a .htaccess file in your web root directory with the line “Header set X-Robots-Tag “noindex, nofollow” and this line will prevent your pages from showing up in the search engines.
If you set up your DMZ properly, other devices on your network should be safe. Your router/firewall documentation should tell you how to do that for your particular device.
You can set up authentication on your site and that will prevent anyone who doesn’t have the password from viewing it. You’ll use the .htpasswd file to do this. Here is an article that describes the process in Apache web server.
You should be able to configure your router or firewall to block access from all addresses except the ones you will be using on the outside. Again, your router/firewall documentation will tell you how to do this.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • ToddN2000
    I'm not a network guy, but I heard that most home IP address are not static. The change every time you connect. So that could be an issue. I used to use an outside company for hosting my site. Their pricing was not that bad and they offered a lot. I may go the home server route if it gets explained well enough in this question.
    133,810 pointsBadges:
    report
  • carlosdl
    You would need a public ip address. IP addresses assigned by ISPs to home users are usually not accessible from the web, and as Todd mentions, are usually dynamic.

    In case the above point is not a problem:

    -Yes, you can set basic authentication on your site, so it asks for user and password.
    -Yes, you can get to your site with IP address and port number only.  No need of a domain name.
    -Depending on how your network is set, yes, other devices could be at risk.
    -If you have a firewall (it could be a Linux machine, or even some software firewall), yes, you can restrict access by IP address.
    84,825 pointsBadges:
    report
  • Kevin Beaver
    You could also just host this internally on your own home network and not make it accessible to the outside. if you do end up putting it online, you could run trial versions of vulnerability scanners such as Nexpose and Acunetix Web Vulnerability Scanner against it to see what vulnerabilities might be present.
    27,515 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: