Old 11-17-2007, 03:53 AM   #1
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Rep: Reputation: 30
server or hosting?


Hi

I am considering setting up a website here in the UK.

After much research I have a standalone LAMP setup using Ubuntu 7.10, Apache2, MySQL, PHP5 and Joomla CMS. This localised site is running with good content, but I have now encountered my final decision point:

Do I now open the server to the net or host my site on a UK hosting site?

So far as I can tell the Pros and Cons are:-

Hosted
Pros
Security of my LAN computers.
Cons
Loss of "control" to hosting provider.
Reliance on server modules being available.
Potential down-time not under my control.
More expensive running costs.

Personal server
Pros:
Unlimited site space and control of it.
Reduced domain costs.
Cons:
Security is a BIG BIG concern. Can access be gained from the net into my LAN, and can individuals get access to personal data on files, even when I "lock down" the server and secure the web server's site folders?

I'd prefer to go Personal Server, but the security is a BIG issue for me.

Am I worrying too much?

Last edited by keratos; 11-17-2007 at 03:57 AM.
 
Old 11-17-2007, 04:39 AM   #2
FraGGod
Member
 
Registered: Jun 2007
Location: Yekaterinburg, RU
Distribution: gentoo
Posts: 59

Rep: Reputation: 16
I think that in the case of a relatively small web portal, the problem of server-side software/settings security can be solved by contacting a trusted sysadmin who'll set up a secure environment (which'll also make any attacks on the server's LAN impossible). After that you only have to watch for any issues in public services (such as apache in the LAMPP package) and upgrade if necessary, since it'll be your server's only link with the outside world. You'll also be able to open anything else you like if you feel it's safe and necessary to do so.

As for any possible security holes in running scripts - no host can fix that anyway and potential damage from that kind of exploit can be minimized to daily data by regular backups and monitoring.

Overall, I think you worry too much, but perhaps I just don't know what kind of risks are acceptable in your situation.
 
Old 11-17-2007, 06:17 AM   #3
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Original Poster
Rep: Reputation: 30
Hi, how are things in Yekaterinburg, Russia - COLD I suspect, like here in London.

Thanks for your opinion on my predicament.

This is a small school organisation, we have a closed loop LAN (no net access - yet), and I AM the sysadmin. The environment is as secure as I can make it (firewall, ports closed down, separate system user + group for apache server, separate user + password for MySQL, file/directory permissions etc.).

What are the "Public issues" you refer to in Apache?

Essentially, I would like to know if it is possible for "private and personal data" that may exist on our LAN, to be accessed when running a LAMP server, then I think the decision has to go to put the site on a commercial hosting provider whose network is physically segregated from ours?

(Your English is superb ;-) - are you a student?)

Last edited by keratos; 11-17-2007 at 06:18 AM.
 
Old 11-17-2007, 08:13 AM   #4
bryantrv
Member
 
Registered: Jan 2005
Location: DeLand, Florida US
Distribution: Debian Etch
Posts: 91

Rep: Reputation: 15
I really don't think you have anything to worry about- in my opinion, you will be able to keep up with security updates in a much more timely manner if you self host, and if you set up the server in a DMZ, then it should be secure.
The biggest concern will be keeping Joomla/php secure, but that should only affect the web server box.
 
Old 11-18-2007, 02:10 PM   #5
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by bryantrv
I really don't think you have anything to worry about- in my opinion, you will be able to keep up with security updates in a much more timely manner if you self host, and if you set up the server in a DMZ, then it should be secure.
The biggest concern will be keeping Joomla/php secure, but that should only affect the web server box.

Thanks for that Chris.
The server is behind a Netgear WGT624 router. The router only operates on a single subnet (so far as I can determine from the config screens), so it is not clear to me if I can configure the LAN on one subnet, the server on another and the router on the third subnet?
 
Old 11-18-2007, 03:16 PM   #6
FraGGod
Member
 
Registered: Jun 2007
Location: Yekaterinburg, RU
Distribution: gentoo
Posts: 59

Rep: Reputation: 16
Quote:
Originally Posted by keratos
Thanks for that Chris.
The server is behind a Netgear WGT624 router. The router only operates on a single subnet (so far as I can determine from the config screens), so it is not clear to me if I can configure the LAN on one subnet, the server on another and the router on the third subnet?

Perhaps you can spare some rusty hardware to assemble a router or a bastion-like host for your LAN?

Quote:
Originally Posted by keratos
What are the "Public issues" you refer to in Apache?

By "issues in public services" I just mean any dangerous vulnerabilities in services like apache, proftpd or their modules which seem to pop up every now and then.
Apache seems quite secure by itself (with exception for some DoS attacks) but its modules (notably mod_alias, mod_rewrite, mod_perl, mod_tcl, mod_php, php-cgi) aren't that safe and their bugs don't seem to be fixed with the same speed as with apache so it's up to you to watch out for any security patches.

Well, and since you have access to everything you need, I see even less reason for you to use any hosting services.

I've lacked patience to finish university but it seems my English isn't beyond the point of irony yet or superb indeed, thanks. It'll be below -20C next week, or so meteorologists say, so I wonder where is that "global warming" thing when we need one?
 
Old 11-19-2007, 03:01 AM   #7
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Original Poster
Rep: Reputation: 30
Hi again.

I will instigate your proposal for a rusty firewall :-) The spec doesn't need to be great, to run a firewall behind a router.

All public services are already shut down with the exception of http (of course!).

Your comment on mod_php on apache makes me slightly nervous because our site is Joomla powered and of course Joomla requires PHP. We run PHP5 currently plus MySQL, although the MySQL server is on another machine and accessed via an application server so that "hopefully" adds additional security?

From your insightful viewpoint I am tending to consider hosting the site ourselves, but if I understand you then PHP and apache's mod_php looks like our only "real" issue. In this case I believe all we can do is keep our apache and PHP versions current including all security patches.

Have I made a fairly accurate synopsis?

Thanks for your kind help.
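
The "rusty hardware" firewall proposed in this thread, sketched as an added example (not posted by any participant): a shell function that prints an iptables-restore ruleset for a three-interface box, so the web server sits in a DMZ that cannot open connections into the LAN. The `dmz_ruleset` name, the interface names and the 192.168.50.10 address are assumptions, as is the Netgear router forwarding TCP 80 to this box.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a firewall box with
# three interfaces (router side, school LAN, DMZ holding the LAMP server).
# All names and addresses passed in are constructed sample values.

dmz_ruleset() {
    # Require exactly: wan_if lan_if dmz_if web_ip
    [ "$#" -eq 4 ] || { echo "usage: dmz_ruleset WAN_IF LAN_IF DMZ_IF WEB_IP" >&2; return 2; }
    wan_if=$1; lan_if=$2; dmz_if=$3; web_ip=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# HTTP arriving from the router is handed to the web server in the DMZ
-A PREROUTING -i ${wan_if} -p tcp --dport 80 -j DNAT --to-destination ${web_ip}:80
COMMIT
*filter
# Default deny: anything not listed below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administer the firewall box itself from the LAN only
-A INPUT -i ${lan_if} -p tcp --dport 22 -j ACCEPT
# Replies to connections that were allowed to start
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> web server: HTTP only
-A FORWARD -i ${wan_if} -o ${dmz_if} -d ${web_ip} -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN -> DMZ: staff can reach and manage the server
-A FORWARD -i ${lan_if} -o ${dmz_if} -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> outside: DNS and package downloads for security updates
-A FORWARD -i ${dmz_if} -o ${wan_if} -p udp --dport 53 -j ACCEPT
-A FORWARD -i ${dmz_if} -o ${wan_if} -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> LAN: a compromised Joomla/PHP box must not start connections inward
-A FORWARD -i ${dmz_if} -o ${lan_if} -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i ${dmz_if} -o ${lan_if} -j DROP
COMMIT
EOF
}

# Syntax-check before loading (as root on the firewall box):
#   dmz_ruleset eth0 eth1 eth2 192.168.50.10 | iptables-restore --test
```

The LAN has no rule towards the router side, matching the closed-loop LAN described in the thread; log entries with the "DMZ->LAN blocked" prefix are the signal to investigate the web server.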
 
Old 11-19-2007, 03:48 AM   #8
FraGGod
Member
 
Registered: Jun 2007
Location: Yekaterinburg, RU
Distribution: gentoo
Posts: 59

Rep: Reputation: 16
Quote:
Originally Posted by keratos
From your insightful viewpoint I am tending to consider hosting the site ourselves, but if I understand you then PHP and apache's mod_php looks like our only "real" issue. In this case I believe all we can do is keep our apache and PHP versions current including all security patches.

That's exactly what I'm trying to say)
 
Old 11-20-2007, 02:12 PM   #9
keratos
Member
 
Registered: May 2007
Location: London, UK.
Distribution: Major:FC8. Others:Debian;Zenwalk; Arch; Slack; RHEL.
Posts: 544

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by FraGGod
That's exactly what I'm trying to say)

Ok acknowledged and thanks for all the support on this thread.

Closing off.
 
  

