I don't Want to Hack You

[Possum]

Hi

For my own education I am running a server from home on a raspberry Pi. Standard Vanilla. Apache, Mysql, php. I have a static PI address which I point to my Parked URL with GoDaddy and just want to see how far I can go with this set up as far as hits and programming.  

I would like to link to my URL here. But I'm not going to as I would hate to be hacked and my server could attack others.

I am very careful about security. But its a moving target. If you have any security Advice for me that would be great as you guys  need to protect your investments. That means you know your security.

I have a home server, static IP address pointed to a url

What could go wrong..?

[1714912372]

1714912372

[1714912372]

1714912372

[jackg]

What is your firewall setup? In my experience there are two extremes of modem firmware, one let's every port stay open and has a fairly awful firewall, another had it so you have to say which devices should be able to engage in receiving external traffic when they didn't make the connection first...

Do you have the domain set up to go to a socket [ip+port]? Linux is fairly secure as long as you haven't fiddled with permissions too much though the probability of you being hacked anyway  through bitcoin core are very low (nodes get ddosed now and then, if it was that easy to hack them why pay for a ddos).

I don't know of any vulnerabilities in php, I know sql can suffer from injections so it's worth protecting against that.

[khaled0111]

Here is what a hacker will do, if you post your website link online:
- He will scan your website for vulnerabilities (SQL injections, RFI, CSS, RCE...)
- He will scan your server for vulnetabilities (open ports, some outdated programmes can be vulnerable).

All you can do is to use a good firewall and update all your softwares. If you are too skeptical, you can hire a white hacker to test how secure is your server.

Don't host your website on a shared hosting server.
Don't use free scripts.
Update all your softwares.
Close all ports you don't use.

[Possum]

Shieldsup

Its was Steve Gibson of Security Now who got me into Bitcoins in the first place.

https://twit.tv/shows/security-now/episodes/287

I believe I have done the full circle now.
Thank You..

[AverageGlabella]

Only use scripts which you have developed yourself or open source software. The benefit of this is you know exactly what the code is and can scope out any back doors within the software. Open source software is usually more secure because developers can make a commit easily and patch out any known issues. This means that there will be hundreds of potential developers monitoring the software and code and updating it if necessary which is better than just you working on your own code.

Try avoiding javascript as much as possible on your website. Usually vulnerabilities are found exploiting javascript. It is probably worth mentioning that the host that you choose should be experienced, trustworthy and clued up on social engineering tactics. Some of the biggest websites in the world have been social engineered at some point and you want to limit that as much as possible. Hosting it yourself would be the best option as you are no longer relying on a third party and their weaknesses. However if you are not an experienced web host it is probably better to go with someone who has a little experience.