[TriLUG] free (or very cheap) nonprofit web hosting?

Chris Merrill cmerrill at nc.rr.com
Tue Jan 28 12:47:23 EST 2003


Mike M wrote:
> That is good to hear.  How do you test your website?  Log into your TriLUG 
> shell account and use lynx?

If you mean "test to see if the website is working"?  -- I just browse to it.
Otherwise, I'm missing your meaning.

I knew the machine was going to be my firewall/server, so when I installed, I
only installed packages I knew I needed.  Then I turned off most services.
I use NAT and ipchains, so most incoming connections are blocked at the firewall.

For my mail server, I used PostFix, which has a reputation for being
secure and easy to configure.  I turned off any options that I did not
plan to use.
I tested the mail server for vulnerabilities using a website that
runs a suite of tests against your server.  Don't remember the link,
offhand, but it was posted here, so search the archives.

> I worry about things like an Apache exploit or a PHP exploit where someone 
> can break into the host and then wander around the rest of the system from 
> the compromised host.  I'd have to strengthen the security throughout my 

My other machines have no common logins with my firewall, so compromising
the firewall does not give them free reign to other boxes.
In addition, most are only turned on when in use, which (I think) reduces
the risk of break-in.

> network - probably not a bad idea.  But what about those two M$ machines - 
> are they impervious to attack if they have no servers or email clients (I use 
> Kmail and my wife uses a Yahoo account)?

I can't believe you said "M$" and "impervious to attack" in the same sentence.


*********************************
Chris Merrill
cmerrill at nc.rr.com
*********************************




More information about the TriLUG mailing list