
How bad could it go?


#1
bbqroast

    Codecall Addict

  • Members
  • 554 posts
  • Location:/etc/passwd
Hey guys!
Just wondering what some worst-case scenarios are (for contingency plans). Basically I have a server in my house running my website. My website is just a blog and project hosting thing (all for me); I'll put the URL in my sig later.

- Site coded in PHP (in house CMS)

- Server runs Ubuntu Server x64

- Open ports (IPTables and router) are

  - 80 (web)

- IPTables only (internal access)

  - 22 (SSH)

  - 25565 (MC)

Also do you think I should risk opening port 22? Or maybe putting it on a non-standard port (and telling it to stop giving away its version number)??

Also can anyone think of a way of rebooting the server when I am on holiday??
Please, write clearly with proper structure. Double spacing makes the text feel un-jointed, Capitalizing Every Word Means People Stop Before Every Word Sub-Consciously Which Is A Pain In The Backside, and use code tags! (The right most styling box).

#2
Vaielab

    Programming God

  • Members
  • 547 posts
Worst-case scenario, your bandwidth is probably slower.
But seriously, if you don't have sensitive data, I don't see a big risk there...
Hackers want big servers, not home servers.

And to reboot your server, first you need a watchdog in case of an electricity cut.
Then a KVM Ethernet switch (kind of a vlc, but hardware), or do a little bit of domotics: plug your electric cable into an Ethernet-controlled switch, and you can cut the power, and turn it back on with the watchdog.

#3
Alexander

    It's Science!

  • Moderators
  • 4,124 posts
  • Location:Vancouver, Eh! Cleverness: 200

Quote

Also do you think I should risk opening port 22? Or maybe putting it on a non standard port (and telling it to stop giving away its version number)??

I often put SSH on a random port, not as a defense, more to prevent server logs filling up with failed attempts by automated scanners (and it can thwart basic manual scans).

Even if you do this, you can create an authentication scheme (even passwordless): you can generate a public key on your laptop and place it in the server's .ssh/authorized_keys2 file (in a specific format), and it will only allow your mobile computer's/known PC's fingerprint to connect via SSH.

Even more specific, you can set your firewall to block all incoming traffic to those ports, and then allow your specific IP address (or range) if that is known beforehand.

Quote

Also can anyone think of a way of rebooting the server when I am on holiday??
An SSH session can do such, as long as the server startup scripts are within init.d (or however your system is configured).

Generally this could work if you do not require offline booting, and can risk a shut-down computer staying shut down - otherwise you could go with hardware options such as those listed above.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
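
The SSH advice in the post above (non-default port, key-only login, firewall allowlist by source address), as an added example that is not part of the original thread: a small checker for an sshd_config plus the matching iptables rules. The function names, port 2222 and the 192.0.2.0/24 range are hypothetical values chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check an sshd_config for the SSH
# settings discussed above, then print a matching iptables allowlist.

# effective_value FILE KEYWORD DEFAULT
# sshd_config keywords are case-insensitive and the first occurrence wins.
# Parsing stops at the first Match block, so only global settings are read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/             { next }           # skip comment lines
        tolower($1) == "match" { exit }           # conditional blocks follow
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }             # fall back to OpenSSH default
    ' "$1"
}

# audit_sshd FILE -> space-separated findings, empty when nothing is flagged.
audit_sshd() {
    findings=""
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] ||
        findings="$findings password-auth-enabled"
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ] ||
        findings="$findings pubkey-auth-disabled"
    # Log-noise reduction only, as the post says; Port may be repeated in a
    # real config, and this sketch looks at the first one.
    [ "$(effective_value "$1" Port 22)" != "22" ] ||
        findings="$findings default-port"
    echo "${findings# }"
}

# ssh_allowlist_rules PORT CIDR -> rules that accept SSH from CIDR, drop the rest.
# Printed rather than applied, so the script runs without root.
ssh_allowlist_rules() {
    printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$1"
}

# Constructed sample config: key-only login on a hypothetical port 2222.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 2222' \
    'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$sample"
echo "findings: [$(audit_sshd "$sample")]"
ssh_allowlist_rules "$(effective_value "$sample" Port 22)" 192.0.2.0/24
rm -f "$sample"
```

A commented-out `#PasswordAuthentication no` counts as unset, so the checker reports password login as still enabled, which is the OpenSSH default.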

#4
bbqroast

    Codecall Addict

  • Members
  • 554 posts
  • Location:/etc/passwd
I meant rebooting if something had happened (me getting telinit mucked up and using 1 instead of 6). I guess I could set up a local relay (my router has some functionality - I can telnet it) with a magic packet would do. A UPS would be great... But expensive, maybe one without the battery.

What are the chances of a hacker getting into a VPN connected to the same network?

#5
Alexander

    It's Science!

  • Moderators
  • 4,124 posts
  • Location:Vancouver, Eh! Cleverness: 200
Granted, you have posted this online; however, the chances are fairly slim. Often people scan intensively on VPS IP addresses, because they may not be owned by any specific consumer ISP and are likely more beneficial to target. If the attacker can find an exploitable bug in your router, or guess the password or break your authentication scheme (hard to do if set up mostly correctly) then you should be safe.

#6
bbqroast

    Codecall Addict

  • Members
  • 554 posts
  • Location:/etc/passwd
My router would probably die if they tried brute forcing it :D. But anyway I have disabled all remote access to the router, the only internal access is instantly passed to my server which has IPTables set up.



