[nycphp-talk] XAMMP Installation
John Lacey
jlacey at att.net
Thu Jan 8 13:07:24 EST 2004
Chris Hubbard wrote:
> David,
> I've got a similar set up at home, but using XP instead.
>
> If the box is connected directly to the internet, then it's going to get
> hit by a lot of stuff, trying to hack it. My personal recommendation is
> to buy a small netgear router that supports NAT and port-forwarding.
> These routers have a nice web interface where you can block all ports
> except for 80, and then set up port forwarding from the router (which
> will have the static ip) to the W2K box. With this configuration the
> box is pretty tight.
> You'll run into trouble with each port you open, mail, ftp, etc. so
> it's best, if you can do it, to just have 80 open.
> chris

Couple notes ... if a home situation, is there a certainty
of maintaining the same static IP address? Otherwise, it's
a moving target.

With asynchronous access protocols (like ADSL), keep in mind
that the home network's upload speed is the download speed
of the port 80 users -- which is just the opposite of what a
web server calls for.

NATing the external address without any other protections
still gives outsiders pass-thru access to the internal
address (usually the 192.168.0.0 variety).

> On Jan 8, 2004, at 9:21 AM, David Mintz wrote:
>
>>
>> I am thinking I might like to set this up for a friend but this would be
>> for semi-production, if you will. That is, he would be serving to the
>> world off his home machine but not to mass audiences, just for a personal
>> site. Question is, is there a how-to or something somewhere that lists
>> the security steps to be taken to make this reasonably safe, or am I
>> insane to dare think of it? He's running Win2K.
>>

As their website says, the default XAMPP install is
inherently insecure, for good reason since it's meant to be
wide-open for development purposes (e.g. MySQL has no
password and register globals is on) -- so beware.

hth,
John