|
Post by rich357 on Jan 19, 2009 14:23:55 GMT -5
Carl, as I found out years ago, it is definitely NOT wise to try to running a home based operation. There are several factors to consider.
First, is your ISP happy with this? Maybe not. Many ISP's won't allow you to run 24/7. Not even on cable. Then you sure as hades should not even consider doing this if you're on dialup.
Then there are the rules. Not the ISP, but ICANN's rules. If you purchase a domain name and intend on using it on a home based system, ICANN will shut you down. You need a minimum of two name servers. Home based systems rarely have even one. Then, you MUST be online 24/7. Which is precisely why services such as no-ip came into being.
I do have a virtual server now and would like to install run basic on it but I need some help with that as I know nothing about these things. It's a linux based system. I could set up a domain name and you would then be allowed use of it say with a subdomain.
If anyone has the know how and time, contact me through PM here on the Libby board.
|
|
|
Post by Carl Gundel - admin on Jan 19, 2009 16:49:38 GMT -5
Carl, as I found out years ago, it is definitely NOT wise to try to running a home based operation. There are several factors to consider. Each person can decide whether home based operation is appropriate. So, this means that if you want to run a server from home you need to check with your ISP. Sorry, but can you back up this claim? I've never heard this before. Sorry? Your server at home does not need a nameserver. The nameservers are on the Internet, not in your home. If you want to run a server at home, then you will have no issue with the idea that your server is on 24/7, or do I miss something? Why does this make running a home based server a bad idea? Why do you need to set it up with a subdomain? Do you have another web server you will run alongside it? Are you planning to reverse proxy Run BASIC behind Apache? I still don't understand why repeatedly people bash the idea of running a home server. It is up to the individual to decide whether this option is the right one. -Carl
|
|
|
Post by mikeukmid on Jan 20, 2009 5:39:04 GMT -5
Carl, as I found out years ago, it is definitely NOT wise to try to running a home based operation. There are several factors to consider. First, is your ISP happy with this? Maybe not. Many ISP's won't allow you to run 24/7. Not even on cable. Then you sure as hades should not even consider doing this if you're on dialup. There are people who DO run home servers, whose ISPs block port 80 inbound traffic AND have dynamic IP address, as I'm sure you will know. I think the only time an ISP will even care is if you were trying to run a high traffic volume server - then with ADSL you wouldn't anyway. Personal servers have many uses. I have run RBPS for many weeks 24/7 as a security monitor (its off-line now), never heard anything from my ISP. Mike.
|
|
|
Post by zoomkat on Jan 21, 2009 0:48:53 GMT -5
I've been running webcam servers and apache on my home computers for ~8 years without issue. Just fun stuff and not high volume commercial.
|
|
|
Post by aristarkos on Jan 21, 2009 10:49:16 GMT -5
thanks, psycho
|
|
|
Post by smokinglizard on Jan 25, 2009 13:57:52 GMT -5
Doesn't opening port 80 on your home router (which doubles as your firewall) open you up to potential malicious attacks?
Norm
|
|
|
Post by Carl Gundel - admin on Jan 25, 2009 15:24:53 GMT -5
Doesn't opening port 80 on your home router (which doubles as your firewall) open you up to potential malicious attacks? Anything is possible, but you have to be concerned about security if you host Run BASIC somewhere else too. Always keep backups of important information. As to the question of whether Run BASIC listening on port 80 is a security hole, this is true if: 1) The attacker knows what kind of webserver is running on port 80 and the attacker knows how to attack the Run BASIC webserver. I don't even know how to do that myself. -or- 2) You write your Run BASIC app in a way that gives visitors to your site access to sensitive information. The Run BASIC webserver only serves up files in its public folder and any subfolders inside that folder, so people cannot view information anywhere else on the hard drive of that machine. If you want to be even more secure then install Run BASIC on a machine dedicated to that purpose and don't run any other software on that machine. Forward port 80 to the IP address of that dedicated machine. Just opening port 80 (or any other port) does not automatically make your network vulnerable unless there is an exploit for your router and operating system's IP stack. Assuming this isn't the case, there has to be software listening on port 80 (for example Run BASIC). The software listening on that port has to have an exploitable weakness. In addition, even if you don't forward a port, any software that you use that communicates with the Internet (for example Internet Explorer, Quake, Instant Messenger, Skype, etc.) also opens a port (or ports) and can be a security hole. Microsoft is constantly patching security holes in IE as well all know. The point here is that you're already at risk without forwarding any ports at all. Forwarding port 80 and running Run BASIC behind it isn't necessarily increasing your risk in big way. Run BASIC is written in a dynamic language that always bounds checks its arrays, so buffer overruns cannot happen. It would be near impossible for an attacker to inject some malicious viral code into your system using Run BASIC. So at least you don't have to worry about that. On the other hand it is possible to have a security hole in the TCP/IP layer itself that comes with your operating system, so I think you do want to keep up with your operating system security updates if you're going to run a server. So I suppose the question ultimately is do you want to run a server at home for whatever reason? If the answer is yes, just be aware of the risks. Client software like web browsers, instant messaging and similar software is not fundamentally less risky than server software. -Carl
|
|
|
Post by smokinglizard on Jan 25, 2009 19:24:06 GMT -5
You make good points, but IM, Internet Explorer, and online games are all outbound traffic. Web server requests are incoming traffic. My firewall (and many, many folks like me) have all outbound ports open but all inbound traffic closed.
So isn't opening port 80 on the firewall like leaving the front door of the house open? I believe you that Run BASIC is likely very secure, but if the front door of my house is open and my bedroom door is locked (Run BASIC), but all other doors in the house are open, aren't I still at risk? That is, if port 80 is open, can't a hacker attack something else other than Run BASIC?
|
|
|
Post by Carl Gundel - admin on Jan 25, 2009 20:30:27 GMT -5
You make good points, but IM, Internet Explorer, and online games are all outbound traffic. Web server requests are incoming traffic. My firewall (and many, many folks like me) have all outbound ports open but all inbound traffic closed. So isn't opening port 80 on the firewall like leaving the front door of the house open? I believe you that Run BASIC is likely very secure, but if the front door of my house is open and my bedroom door is locked (Run BASIC), but all other doors in the house are open, aren't I still at risk? That is, if port 80 is open, can't a hacker attack something else other than Run BASIC? No. Port 80 is just an address. An intruder cannot just waltz in through a port. There has to be software listening on that port, and the hacker has to exploit that software. Even if you set your firewall to forward port 80, that port is not open until something is listening on that port. So if you forward port 80 and there is no software running on your machine listening to port 80 there is nothing an intruder can do to exploit port 80. Also forwarding a port maps to a specific computer on your own network, and so an intruder cannot somehow look at port 80 on every computer on your network. It is very important to realize that the words client and server matter very little when it comes to security. All you really have is two software programs communicating over a network. The client initiates the interaction with a server (usually), but this is a just a matter of convention. A 'client' can exploit a 'server', and a 'server' can exploit a 'client'. Either kind can have vulnerabilities that can be exploited so inbound traffic and outbound traffic are no different in this regard. -Carl
|
|
|
Post by mikeukmid on Mar 30, 2010 12:56:29 GMT -5
Its been a while since I posted here due to other interests and commitments, but I very recently discovered something of interest (to me at least ;D ). I have been using dynamic DNS client software for some time, to keep a Dynamic DNS service updated with changing IP address. The discovery is that my ADSL modem/router has a built in DDNS service, but it does not appear in the setup menus and it seems that this is very common. The secret is to set up DDNS by telnetting into the modem and using command line. So there may be a more suitable method of running your RB server on a dynamic IP connection, www.kitz.co.uk/routers/cli.htm is a starting point to find telnet commands for various ADSL modems but first check your modem setup pages and look for DDNS options. Sources on the net indicate that most recent modems do have DDNS (mine is dated 2006, is that recent?) This came about with the need to put a 'microserver' on-line without a PC to do the DDNS updating. Hardware buffs may be interested in the device called Siteplayer SP1. www.netmedia.com/siteplayer/webserver/index.htmlSiteplayer is ethernet connected and provides a minimum of 8bit digital I/O and a serial connection. A most interesting device which has been around for 10 years and I've only just found it. Siteplayer could also be networked locally and accessed from a RB server to provide hardware remote control, avoiding the need for serial or parallel port access from RB.
|
|
|
Post by waybackman on Apr 11, 2010 22:14:31 GMT -5
aristarkos,
I think the problem is that you're setting the router to forward requests from port 80 (8008 or whatever) to IP address 192.168.1.150 but the computer running RunBasic isn't configured to use that IP address. Instead, it's been configured to automatically obtain an IP address from your router's DHCP server and the first address available in the DHCP range is 100.
You need to know how to set up a static IP address on your LAN for the computer running RunBasic, because the DHCP "lease" expires every 24 hours by default, which will disconnect your server computer from the internet. A static IP address never expires.
Once you've set a static IP address in your computer, you may also need to set up the router so that it "knows" that particular IP address is used and never tries to assign it to another computer through DHCP.
I don't know exactly how your router works so I can't walk you through all of the actions required, but the above should give you a good starting point.
|
|
|
Post by turtlewax on Aug 1, 2011 19:52:28 GMT -5
Hey it's easier than you think. Go to Portforward.com and learn about forwarding the incoming port 80 to port 8008 for RB. Usually you will see something like VPN or forwarding in your router configuration interface. A friend types in your external IP as 123.123.123.123 (no port number needed) and your router sees the request on default port 80. Then it forwards the request to your home computer say 192.168.0.25 on port 8008. RunBasic server listens on 8008 and replies back through your router. The router passes the RunBasic reply out to the internet to your friend. Life is good, TurtleWax
|
|