Web Hosting from Your Web Server at Home
With the growing popularity and use of the Linux and BSD Operating Systems, and the free availability of web server software like Apache; coupled with high speed DSL and Cable Internet connections, more people than ever before are exploring the possibilities of setting up and maintaining their own web server from home. Microsoft has even offered a personal web server application for home use. Unfortunately, while the ability to setup and operate a web server at home has become very easy, most people lack the crucial knowledge and skills required to secure a web server properly–and this can lead to disastrous results for them.
The first problem one can have in operating a home based web server is that most commercial ISP’s simply don’t allow it in their Terms of Service. They provide users with high speed access to the Internet for email, web browsing and etc., but specifically stipulate that you can not use their networks for offering others access to your own server to protect their bandwidth capacities.
With regards to securing a home based web server there are numerous issues to consider. Entire books have been written on how to properly maintain and protect a web server securely, and not one of them even covers everything you should be aware of before operating your own home based web server because the topic is so wide ranging. This writing will only address one issue you face in operating a home based web server.
While you can easily go from blank hard drive to functioning web server in just a couple of hours, you will need to devote time each day to updating and installing patches for your Operating System, web server application and any additional modules or programs–such as PHP, Perl, MySQL or any other server features you include in the setup. Updates and patches are issued often for all of these and typically address security issues, so you have to stay on top of them every day to keep your web server secure.
Remember that by operating a home based web server you are in effect opening a port to your PC for the outside world to access, and there is no shortage of malicious people waiting to exploit that opening in a variety of ways if you leave it unsecured. And once inside, they will have access to every file and piece of information stored on your PC.
In addition, by gaining access to your web server a talented hacker can obtain administrator rights on the PC, allowing them to make accounts for themselves, install back doors or even run code and scripts that attack or attempt to break into other machines; and it will all appear as though you were the hacker in the logs of those other targets.
Hackers aren’t your only concern, you also have to watch for worms. New worms are appearing constantly, and even though most software is being continually updated to secure any holes these worms are able to exploit, if you don’t install the update before the worm reaches your web server you could be in serious trouble.
Once a worm infects your server it executes whatever functions it was designed to do. It could begin scanning for additional web servers on the Internet that are vulnerable–which can degrade your system resources and power as well as use loads of costly bandwidth, it can launch Denial of Service attacks against other host machines, or it could even access and steal your own personal information from you.
This is only the tip of the iceberg. Securing a web server properly involves far more than just keeping your software up to date. You have to know about various intrusion methods and monitor your server logs constantly to watch for them. If you operate a mail server on your PC you have to be aware of numerous Spammer tactics and constantly monitor for those as well. The list of basic security measures and practices goes on and on.
While it may be easy to start a home based web server, given the time investment for keeping it secure with the low costs of hosting services that employ professional administrators to keep their servers and network safe it simply isn’t economical or practical to maintain your own server from home for anything other than code testing–which can be done without opening your PC up to the outside world.
For live web sites in a production environment, paying affordable fees for reliable and secure hosting services is a wise investment and will free up your time to grow and expand your actual web site; and if you are really interested in how web servers operate–or perhaps even offering hosting services to others–there are established web hosts out there who provide Reseller and Virtual Private Server accounts which are a great way to go. They provide you with large chunks of disk space and bandwidth, that you can then divide into smaller chunks and sell hosting services to others with. This allows you to do the things you wanted to with your home based web server, while still having the support and security of a professional service behind you.