Website Help

[BloodRed]

I know we have some Website guru's out there so I need some help. I will admit, I am not very knowledgeable in websites, so I need some help. If you check the link in my signature, that is a link to my website. Some friends of ours are letting us put our website on with theirs. I have no idea who hosts there website. But anyway, over Thanksgiving the main website got hacked and the host shut our website down. I guess there were over 200 emails/minute going through the website, so it bogged down there servers so they shut us down. I guess this is like the 3rd time the website has been hacked. I guess the host told the guy who runs the website that if it happens again, they can fine us. Anyway, is there any suggestions to what we can do to prevent this from happening again? Any programs or utilities that will help with security?

 

Since things like this have happened before, it has got me thinking of going out on my own for our website. I know you can go through hosting companies and pay a monthly fee for server space and stuff, but I have also heard you can basically build up a computer at home and host the website on your own. Then you only need to purchase your domain name. Is this correct? I guess I have a lot of questions dealing with publishing a website. Of course we have our website already built, just looking at helping our friends secure the website or going out on our own with the website.

[Akula]

Ok, so someone hacked your hosts' site and turned the server into a spam-bot. You need to figure out how they got in, if you are running IIS5 or unpatched any IIS you probably will have this problem over and over. Apache isn't immune to hacking, just immune to simple hacking. Basically you need a secure setup.

 

yes you can host the site at your home if you have A. a static IP or B. Register with a dynamic DNS company. (dhs.org?)

 

Basically you build the site on the computer you want and put it in your home network. Then you need to get the DNS pointed at your IP/DDNS. Once that is done you are done. You need to pay attention to security on the new site and your network. That is another topic though. make sure you apply the latest security patches....mmkay?

[BloodRed]

So basically all I can do is make sure we are running the most up to date software?

[Akula]

No, you can put protections in place. Here is the rub, letting someone access a webserver is what makes it not secure. By allowing traffic to it, someone can disguise his/her traffic as benign web traffic and take over the box. Most up to date servers mitigate the risk of an attack, but again the fact that the box is open to the world makes it vulnerable. So you have to put the server in a controlled environment with as much security as possible and still allow the end user to do what the server was intended to do. You can put a firewall in front of the server to add an additional security measure, shut down unused services on the webserver like telnet, ftp etc...

 

There are M A N Y good books about securing a web environment, go to Barnes and Noble and check some out.