My First Q, Linux related!

  CamPatUK 10:19 08 Jul 2004

I have recently joined these forums and am very impressed with the level of maturity of the responses; most free access forums are filled with flames and grudges.
I have recently set up a Linux box for accessing the net and downloading large files. I consider myself to be a moderately fast learner and am switching to an ISP with a static IP option. I now find myself wanting a new challenge, and web hosting and mail servers are next on my tick list. Does anyone have any recommendations of free downloads for hosting, designing and administering web sites and mailboxes? I can get a third machine purely for hosting if necessary. Basically, any advice would be massively appreciated.

  Gaz 25 10:45 08 Jul 2004

Well, you wish to do exactly what I am doing... Hosting my own website.

Well, first of all you need Apache. click here

This may be included with your server installation of RedHat or whatever distro you are using.

I am using RedHat enterprise server and it gave me the option upon installation - however don't fret if you forgot - you can install packages later in Linux.

You then need PHP and MySQL click here click here - but it doesn't stop there.

These packages must be configured for MAXIMUM security and speed. So looking for a streamlined php.ini file is good - and ensure safemode is enabled.

Next you need user space that can be uploaded to using FTP. Bulletsoft FTP is popular but there is also an FTP server built into some Linux distros.

After that then you need a DNS server - this is the only paid option and NO-IP PLUS offers this service click here and allows www . your domain . com to be YOUR website.

Whatever is in usr\htdocs will be available to the public. If you want to host for customers be careful about the drawbacks - lose their data, don't have the uptime = upset customers.

But.. just create new directory such as usr\htdocs\customer

and set this in http.conf

then your\customer will be their space until they add a domain.

Other than that - there is just your server monitoring and back-up software + not to mention set-up the IPTABLES firewall rules in Linux.

See on Google for many good tutors to get a secure IPtables simple firewall. Then add a Windows gateway antivirus scanner and a Linux antivirus on the Linux box.

Good luck - and feel free to e-mail me for more information.

  Gaz 25 10:47 08 Jul 2004

Oh and for SMTP you can use an SMTP server software.


1 server can do the lot - no need for separates.

Although I do have several servers - they are all set-up with the same software.

  CamPatUK 10:56 08 Jul 2004

I'm using FC2 in workstation mode but with some custom elements installed.
Thanks a lot, I think I have all the packages you mentioned and I'm not too worried about downtime at this stage. It's just going to be a way for people I know to communicate and have fun; my family is well dispersed globally. Also, if you have time: I am changing over to as my ISP and they mention something about domains in the metro line 2000, which is the package I want. Does this cover the money side of things or should I go to simply or one of the others for that?
Just going to play with Apache now so this question might be premature, but can you get flash plugins or are flash sites designed in other software?

  CamPatUK 10:57 08 Jul 2004

P.S. You say you have multiple servers; is that for redundancy or for different tasks? And do you know of any free and decent forum config apps?

  Taran 11:23 08 Jul 2004

At the risk of repeating myself I strongly suggest that you DO NOT go down the road of self hosted site(s) and especially not self hosted email services.

I have a long background in network and server admin and I wouldn't dream of self hosting as a realistic option when good quality web/email hosting may be had for such a small investment.

If you really want to learn all about it why not just enrol on one or more networking courses at your local college or university? You will get formal training, a qualification at the end of it and you will be kept on a straight path from the outset.

You don't just crank up a web server in five minutes and while I appreciate this is to be a learning curve for you I strongly urge you to consider a formal learning (AKA safe) environment. If you try a self hosted option with your ISP's static IP address and if (sorry, make that when) you get infiltrated your ISP will drop your service in short order if your account is misused by a person or persons unknown.

It's bad enough when a web server is illegally accessed (just ask Gaz 25 about that or click here ) but if you configure mail server(s) and they are penetrated and misused you could land yourself in a very great deal of trouble.

Learning a topic like this is best done in an environment where you won't get yourself or anyone else into trouble, hence my suggestion for a possible course with your local college or uni. Learning Linux is difficult enough, but learning effective web and email server deployment, with full database support, CGI and so on all locked down and effectively secured is not something to be undertaken lightly.

About the only realistic option I could suggest is to get your hands on another machine to use as your web server, get a router and rig the machine as a server on your internal network, only serving to those machines connected to the network, not to external requests. That will allow you to play in a safe environment with almost 100% realism in terms of configuring the web server, without the risks of an outward facing portal.

I can almost guarantee that you will experience one or more major security incidents if you rig up an outward facing web and/or email server. Almost any system administrator will be able to seriously disrupt your server without scratching their heads, never mind the plethora of hackers and script kiddies out there using various port sniffers and so on.

Sorry if this rains on your parade at all, but this is the one area, perhaps above all others, that regularly crops up where the risks are high and the gains are low. That's not a good base to work from at the best of times so unless you are satisfied with an internal, inward facing server I'd forget it completely or enrol on suitable training.

Ask your ISP what their penalties are in the event that you encounter a security issue. You might get quite a shock.

If you still want some links to research the topic ask and I'll post some, but it would be very much against my better judgement which is why I'm not offering any with this reply.

  CamPatUK 11:40 08 Jul 2004

All advice duly noted and I'll drop the email side of things. Also, I will do all my development on inward facing ports only and then at a later date I'll start worrying about outward facing, but I get the impression I do have all the kit I need and am interested in learning at my own rate. Just another little ditty: I just installed XAMPP, have you any experience with this app? Also, I know I might seem stubborn but I'd rather buy a hardware firewall than get external hosting. Is this an even slightly realistic option?
I think I did get over enthusiastic about the security of Linux and all your comments have suitably instilled the FoG in me.
P.S. I never really got on in any structured learning environments and am currently doing my MCSE. I say currently, it starts in Sep; two courses would be a bit too much!

  Taran 12:26 08 Jul 2004

No, I've no experience at all with XAMPP.

In the past I have suggested other alternatives to people for a local testing web server environment, like the excellent package offered at click here

If you get this one don't try to get the SSL-enabled version - it is only available to US residents and any attempt to download from outside the US will be disallowed.

On the subject of hardware firewalls, if you have a router you probably already have one. Most small business and domestic routers feature a hardware firewall built in and many of them are very, very good. More on firewalls later.

To be honest this is a huge subject. You not only have to get your head around a server OS and in the case of Windows you also have to fund it, you also have to learn Apache, PHP, MySQL, Perl and all kinds of other things.

No matter how good (or otherwise) an individual package is, I've yet to find one I'd be willing to use as a working server in anything other than a local, inward facing test environment for web application development and testing.

If there was an off-the-peg system for installing and configuring a secured working web/email server in short order a lot of web host techs would be out of a job in no time. Most hosts run a very heavily doctored server software environment and trying to emulate that with commonly available downloads is impossible.

Have you looked at the latest Linux distributions?

The Fedora Project (Red Hat) allows a default, graphical (non-command line) installation if the system is to be used as a firewall/gateway, which goes some way to configuring things at a low level. It does still require a massive amount of tweaking and rejigging, but it will get you up and running with some basic nuts and bolts to build on. Some of the other mainstream Linux distributions have a similar feature, so you could do worse than start there, and all of them allow you to install and run server software.

If you really want to start with something to get your teeth into, get yourself Slackware. It is about the closest thing to UNIX you can get, and when you get your head around it you can do some amazing things with low-level hardware, but because it is so UNIX-like using it is not as easy as other distributions.

The thing you have to keep in mind here is that Apache on its own requires a great deal of learning. So does effectively administrating PHP from the server point of view, and each other package also requires a full understanding or you'll get into trouble very, very quickly.

Without getting into specifics, there are more ways to break into a web server than enough and most of them are frighteningly simple, if you know how.

Using a hardware firewall instead of external hosting is a no-go. Any firewall is worth having and will protect you from a lot, but a web host offers features you could not hope to emulate without a huge investment.

Most web hosts have several levels of redundancy built in where if one server or line goes down others step in and the general public never even notice a blip in your site.

Think of it like this. One simple step in web server configuration is to prevent people from submitting a query as part of a URL request in the address bar of their browser. Let's say you have an outward facing web server and have not locked this down. If I type in a page address of your site with certain query parameters I can do untold damage to your server, access/wipe your MySQL database(s) and all kinds of other interesting things. You can put as many hardware firewalls in the way as you like, but they won't and can't even try to stop this sort of attack. All I will have done is requested a page with a bit extra on the address. Don't think I'm oversimplifying things. It really can be that easy if the server is run by someone who doesn't know what they are doing.

I'm being deliberately vague with the above description for obvious reasons, but it is just one of a great many factors to take into account and have a full understanding of or you'll come unstuck pretty sharpish.

  CamPatUK 17:46 08 Jul 2004

Again duly noted and again thanks for the detail of your response. I am running FC2 so I know where you are coming from when you talk about the router firewall point of view. I also have a laptop I am using Slackware on and agree that mastering it is impossible within even 5 years when working alone and just pooling info from the net and applying knowledge received from FC2. I am going to press on with the whole thing and dedicate the project to inward facing; once built I'll further seek the recommendations of yourself and others here at PCA. As for Apache, I think most of the layout is fairly intuitive with a decent editor; my PHP and MySQL need a lot of work. Believe it or not my original thoughts were that building the site would be the tough part but you've flipped that on its head and I thank you for that. I have to admit I never really thought of NAT or SPI as particularly effective firewalls but I see the point you were making about routers and I certainly don't want any financial or disruptive repercussions due to my negligence.

I think I'll call this thread resolved but feel free to add any additional info you might have here in future, take care.

  Gaz 25 18:52 08 Jul 2004


Taran is quite correct.

And.. I take the risk. lol ;-)

But. My ISP is quite happy about it :-), and they did say that if a security hole did leak - as long as I have taken action to stop it asap then they are not mithered.

I don't use the server for ANY personal things, and the server is locked down to high heavens. It's logged in as a restricted user as well. So no access to system files, hackers cannot change the configuration either.

Linux is by far more secure than Windows, but it's Apache that needs correct configuring - and not to mention MySQL and PHP. Failure to do so has its risks.

My version of Apache is a modified version - and includes hacker request blocking and long/suspect URL blocking. If I try to open a CMD window using a php page, the request is denied and my IP is blocked for 5 days.

Simple - but effective against that type of attack.

But to set these parameters in Apache isn't the easiest and requires know-how.

My server has not been hacked since thank god + the server is locked from accessing the rest of the network to ensure hackers can't access any other systems on the network.
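
One way to express the blocking policy described in the post above (long or suspect URLs lead to a 5-day IP block), as an added example that is not part of the thread and is not Gaz 25's modified Apache. The log lines are constructed, and the 256-character limit and the marker list are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample lines in Apache common log format (not from a real server).
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [08/Jul/2004:10:45:01 +0100] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jul/2004:10:46:12 +0100] "GET /shell.php?run=CMD%2Eexe HTTP/1.1" 200 312',
    '203.0.113.5 - - [08/Jul/2004:10:47:30 +0100] "GET /search.php?q=' + "A" * 300 + ' HTTP/1.0" 200 290',
])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')
MAX_URL_LEN = 256          # assumed threshold for a "long" URL
SUSPECT = ("cmd.exe",)     # assumed marker for a command-shell request
BAN = timedelta(days=5)    # block period quoted in the post


def suspicious(url):
    """Return a reason string if the request URL should be refused, else None."""
    if len(url) > MAX_URL_LEN:
        return "long-url"
    decoded = unquote(url).lower()   # decode %xx so encoded markers still match
    for marker in SUSPECT:
        if marker in decoded:
            return "suspect:" + marker
    return None


def build_bans(log_text):
    """Map client IP -> (ban expiry, reason) from access-log text."""
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # ignore lines not in common log format
        ip, stamp, url = m.groups()
        reason = suspicious(url)
        if reason:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            bans[ip] = (when + BAN, reason)   # a later offence renews the ban
    return bans


def is_blocked(bans, ip, now):
    """True while `now` falls inside the ban window recorded for `ip`."""
    entry = bans.get(ip)
    return entry is not None and now < entry[0]


if __name__ == "__main__":
    for ip, (until, reason) in build_bans(SAMPLE_LOG).items():
        print(ip, reason, "blocked until", until.isoformat())
```
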

  Taran 22:06 08 Jul 2004

Linux is, in fact, no more secure for real world use than Windows in a default graphical install of most of the mainstream distributions. That's one of the persistent urban myths surrounding Linux. I don't deny that Linux CAN be more secure, but often it isn't.

As far as server environments go, Windows Server 2003 is superb and takes a lot of beating and matches up to pretty much any Linux server environment in its own right.

Servers rely almost exclusively on one thing to remain secure: the knowledge and ability of the person running it.

I don't doubt that holes appear now and then in both Windows and Linux (and other alternatives) that are exploited briefly prior to a patch being released but Linux in a default installation can be wide open for anyone who knows to walk straight in. Having said that there are often ways of locking down a server without patching it by configuring it carefully, but obviously any and all security patches should be installed as soon as practical.

There are ways of bypassing most security measures if you have the knowledge, time, ability and one or two other things I'm not going to mention here.

As an example I did some security testing on a small Linux web server recently that the art department at college had decided to rig up without so much as a by-your-leave. It took me less than two minutes to gain root access and that was from outside the college network, which is ordinarily as close to impregnable as a network can be. In fact the server logs indicate a lot of rigorous attacks directed at the college but so far it has held up well (touch wood).

The chap who installed the server used to have some UNIX experience years ago and figured that, coupled with his belief in Linux being a naturally secure OS, would be enough to get the server up and running and 'bolt it into' the existing network. Having gained root on that server I could have done some minor damage to other areas of the network in general, but not too much since that is incredibly well locked down and the way in which the network is set out also assists in damage limitation. I scrambled the server for them, just to demonstrate a point and after that the art department decided to process all IT requests through the IT department. Very wise of them I thought...

I can't say that I find Linux any more secure than a well locked down Windows server though.

That's only my humble opinion of course.

This thread is now locked and can not be replied to.
