Any one else have a home server here..security questions

[NTHER91]

***I started up a little home server Just to have family ics and music and some ovies on it to share. Well I find that someone or some persons are trying to access it, now this dosnt bother me as I have nothing on the server but the above(no personal info) but it is annoying. now I am running serve-U as my program and have the dns through dyndns.com so I know there are linux options but I don't know how to use that .

 

The serving is running xp home. so are there any free security stuff I can do or get

 

 

should I find someone to admin it with linux or ??? I have searched the web but I had to dust off the brain to get thie little thing up and running so any help would be great...

[Rustlestiltskin]

Yes

[mmrmnhrm]

What exactly are you trying to accomplish? That right there ought to determine the appropriate security posture.

 

Are you trying to publish shit on the web for family (which appears to be the case?) If so, WinXP Home is the wrong OS for the job (just because it "works" doesn't mean it's "right"). At the very least, you should be using Windows Server, though Linux alone would be an improvement, and a more hardened OS like OpenBSD would be best.

 

How is this server being placed on the net? Are you redirecting port 80 from your router to the server, or is the server itself acting as the router via Windows ICS? If the former, you're probably not in too bad of shape, if the latter, you're just asking for pwnage.

 

Many ways to skin this cat, some of which result in a screeching feline clawing your face off, others in a dead cat and a useless lump of hair, and precious few that yield something a taxidermist can work with.

[AWW$HEEET]

make sure your shit is patched. run an apache front end on ubuntu (free), keep it patched, turn off unnecessary services, and you should be pretty secure.

[jeffro]

are they trying to access it from your local network? If so then you could just put a password on your network so they cant get in to your local network.

 

if external, just make sure you have a strong password. It doesnt sound like they havnt gotten in yet, which would lead me to believe that theyre just trying to guess or bruteforce it.

 

awesome answer by "mmrmnhrm"

[mmrmnhrm]

awesome answer by "mmrmnhrm"

- I've been running a publicly facing home server for nearly 8 years. Believe me when I say I sometimes question its worth.

- It's my job to keep professional server admins happy with A/B power and N+2 cooling. We don't do the "nines" shit, my SLA is 100%.

- As much as I love cats, I will never approach one without a handful of catnip at the ready

[NTHER91]

I have port 21 forwarded

 

I am just doing this for family so I can share the pics and bids and music

 

As I said I had to read a lot and dust off the brain just to get this thing up to where it is

 

The only reason I know someone was trying to get into it was due to the log someone tried multiple times with "root" and a password and a few others they were not successful but just don't want them to be ever

[Mr. Jones]

A few things:

 

 

1. Regardless of what front end or program you choose, people will continuously probe port 21 and other pop/newb ports, it's going to happen, and happen all day, especially on RR's/ WOW's public ip space. ( you can always change your port and share that with your friends/ family and that will cut down on 99.9% of it)

 

2. Listen to what gabe said, cheap front ends like serv-u, cute-ftp, ect. have more holes than swiss cheese typically and the dev's aren't exactely breaking their balls (Free products with mediorce following.

 

3. If feasable, sandbox it in a VM with a small linux machine w/ apache and use RO smba shares to the rest of your network (probably stretching now for home security)

 

 

4. If you realy don't want to do any of that, pick a larger / well supported server and hope for the best, in all honestly 99% of the time you'll be fine, and do a port change to somethgn stupid.

 

IE: Filezilla is generally a good windows client & server with decent / regular updates.

[NTHER91]

Yea I noticed they also had a server utility. Filezilla that is