I recently managed to get a LAMP stack working on an old desktop. I am wanting to run it for very small tasks like file storage and maybe to test some things, nothing major. I am however a little perturbed about the possibility of it being hacked into once I open up the ports on my router. I have looked around and not gotten any really good answer about how to fix this, so if anyone has any good advice it would be much appreciated. The system's OS is Xubuntu 12.04 LTS in case that has any relevance.
I would turn your old PC into a super router, with a router-based firewall and a bunch of other stuff. https://www.youtube.com/watch?v=Q0JFfpG4BWI
Or just encrypt your home folder with Ubuntu.
I had thought about that but I'd much rather have a server.
Depends again on what specific things you want to do and whether it's over the internet or local network.
Running LAMP means that you will be running Apache, MySQL, PHP/Perl/Python. If you want to connect to it from another machine then it's ssh as well. FFS don't run FTP, just stick to SFTP.
So each program can be hacked. To protect:
- ssh/sftp. Easiest is to change its port. You can do that in /etc/ssh/sshd_config. Also, using RSA keys is a good idea. What we do is use ssh keys and disable password login.
- MySQL. Since it's LAMP, MySQL will be accessible only from the same computer. If it's accessible from the network, just make it work on localhost only.
- PHP/Perl/Python. Bad code == hack. Simple as that. Your pages, your responsibility.
- Also, this all belongs here as well. Patch yo' shit. No really. Just frequently update the system, that will prevent a lot of exploits within the whole LAMP stack.
If you will be running some sort of popular CMS, patch it frequently too. That's the main source of hacks.
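An added example, not part of any post in this thread: a small audit of the two config settings the list above names, run against constructed sample text for /etc/ssh/sshd_config and a MySQL my.cnf. The function names and sample configs are assumptions made for illustration.

```python
# Added example, not code from the thread. All sample config text is constructed.
LOCAL = ("127.0.0.1", "::1", "localhost")

def audit_sshd(text):
    """Flag the sshd_config settings the post warns about (global section only)."""
    first, ports = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":          # conditional blocks follow; stop here
            break
        if key == "port":           # Port may be given more than once
            ports.append(value)
        else:                       # for other keywords sshd keeps the first value
            first.setdefault(key, value.lower())
    findings = []
    if first.get("passwordauthentication", "yes") != "no":   # OpenSSH default: yes
        findings.append("ssh: password login enabled")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("ssh: key login disabled")
    if not ports or "22" in ports:                            # default port is 22
        findings.append("ssh: default port 22")
    return findings

def audit_mysql(text):
    """Flag a [mysqld] bind-address that is not loopback (skip-networking ignored)."""
    section, bind = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            if key.strip().replace("_", "-").lower() == "bind-address":
                bind = value.strip()    # MySQL uses the last value given
    return [] if bind in LOCAL else ["mysql: bind-address %s" % (bind or "unset")]

SSHD_WEAK = "#Port 2222\nPasswordAuthentication yes\n"
SSHD_HARD = "Port 2222\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
MYCNF_OPEN = "[client]\nport = 3306\n[mysqld]\nbind-address = 0.0.0.0\n"
MYCNF_LOCAL = "[mysqld]\nskip-external-locking\nbind-address = 127.0.0.1\n"

if __name__ == "__main__":
    for name, text in [("weak", SSHD_WEAK), ("hardened", SSHD_HARD)]:
        print("sshd", name, audit_sshd(text))
    for name, text in [("open", MYCNF_OPEN), ("local", MYCNF_LOCAL)]:
        print("mysql", name, audit_mysql(text))
```

To check a real machine, pass the contents of the actual files to the two functions instead of the sample strings.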
Change the ports up that you can and put a honeypot to run on the rest. You could go to some local companies and ask if they have any old computers so you can get a pfSense router going too, then throw Snort Intrusion Detection/Prevention on it. Just a thought.
Who would hack some random person's server that only has files?
And to Akira4950, I would strongly recommend AGAINST anything based off of FreeBSD right now as the repos were hacked not too long ago.
The repos are fine.
Yes, but the repos are fine. It was FreeBSD.org infrastructure that was hacked, not FreeBSD the OS. While there was nothing done to the repos, there was the possibility, so FreeBSD decided the right thing to do was to respond as if there was something done to the repos.
My point is that while it's very embarrassing, it was not the fault of a vulnerability in FreeBSD the OS and it did not lead to a vulnerability in FreeBSD the OS, and considering this is the first time something like this has happened in like 10 years if not longer, there is no reason to think or suggest that FreeBSD is insecure.
It's like teksyndicate.com getting hacked and then just assuming that now all .com domains are not to be trusted.