Solve : Just One Page?

1.	Solve : Just One Page?
Answer» Hi guys. I have just bought a domain from a company, but all I am looking to do with it, is to host one really simple webpage. The cheapest the company (where I bought the domain) could offer me was there basic starter hosting package which is £34 (approx $50) for the year. I know this isn't much, but because I only need a very small amount of space, I wondered if there was an even easier and cheaper way to get around this. Many thanks for any replies posted. Kop442000The cheapest way, if you're already on broadband, is to host the web page on your own computer. Does that idea interest you?You can do that? How?Simply run a web server. Of course, it means that your machine must be running 24/7 and a good portion of your bandwidth may be consumed.There's just a little bit more to it than that, and I'm not sure the word "simply" is entirely appropriate in this context. If you don't have a static IP address, you'll need access to a dynamic DNS service such as that provided by dyndns.org. Even if you have a static IP address, the DynDNS services allow you to convert that into something more memorable than numbers. E.g. I use pcproblemsolver.dyndns.biz. If you run a web server within your home (or business) network and set up your router/firewall to allow traffic to reach it, the outside world can access your personal web site by that means. Doing things on a low budget, I would recommend running Apache rather than Microsoft's very poor Personal Web Server. Apache is free for download, and is very fast and well suited to almost all web purposes. Yes, you will probably need to keep your web server and ADSL connection on permanently, but I think that still works out cheaper than most hosting options. And you can upgrade your web service for free - e.g. by adding PHP and MySQL, something that ISPs often charge extra for. As for bandwidth, remember we're talking about upstream bandwidth here, i.e. from your computer outwards. Your broadband will typically be 1Mbps downstream (towards you) but much less than this upstream - 128Kbps or less is common. So you wouldn't be able to run an extremely popular web site over broadband. There just isn't enough bandwidth. It's plenty for most home uses however. People accessing your website from outsite will not noticeably slow down your own online experience, since you will usually have much more downstream bandwidth to spare.PS I may have my upstream and downstream muddled up there, but the gist is correct!!! Thanks for the posts guys. Will have a think about all that. Cheers.So, basically, if I run my own server people can only access it when I'm on my computer? Interesting... Um, I created an account and a host. How do I actually get the web site up there into the right place? Do I do that on the web site, or what? [edit]Oh wait, I found that in HTML-Kit I can import a site from a URL, so I can work on it from there. I think. It's asking for Username and Password, and I put in my dynDNS username and password, but it won't accept it! Also, when I try to go to the service I created, it asks for username and password. I put them in, but it doesn't accept them! What am I doing wrong?[/edit]First of all, is it actually a website that you want to run or is it perhaps an FTP server for sharing files? I run a private FTP server using Serv-U and No-IP. My address is ftp://myservername.no-ip.comJust an HTTP site. No downloads. [edit]I should probably mention that I am working on parts of the site. It isn't yet complete, because I have some routine work to do on it. I would like to know how to do it so that when I'm done making sure that that table I made renders properly in all browsers I can, or making sure those hyperlinks work like they're supposed to, then I am able to put that site on there. [/edit]Dilbert, what web server are you using on your computer? And what DynDNS client are you using? (See the support section at DynDNS.) How do you connect to the internet? If you're using a router, have you ensured that external port 80 requests are forwarded to your PC? Re the links - always use relative links, rather than absolute. It makes testing so much easier. That said, I often work on live sites (naughty) changing the files on the web server, rather than elsewhere+uploading and just test the changes as I go along. Make sure you have the three big three browsers at least (Opera + Firefox + IE) for testing purposes. In the case of IE, it is better for security to run one of the "wrapper" browsers like Maxthon or Slimbrowser, which are based on IE. Quote Dilbert, what web server are you using on your computer? This is going to sound dumb, but I don't know. How can I figure it out? Quote And what DynDNS client are you using? (See the support section at DynDNS.) I'm looking all over the support section, and can't find info on it. Thinking it would help, I installed the Official Windows Update Client. What on Earth do I have to do? Quote How do you connect to the internet? At last, a question I can answer! I use a wireless connection to my mother's router, which is hooked up to her computer. Quote If you're using a router, have you ensured that external port 80 requests are forwarded to your PC? Um... no... how do I do that? (I thought I knew about this stuff. I kinda feel like a moron for not getting this.) Quote Make sure you have the three big three browsers at least (Opera + Firefox + IE) for testing purposes. In the case of IE, it is better for security to run one of the "wrapper" browsers like Maxthon or Slimbrowser, which are based on IE. I have those three browsers. Sorry for this guys, I don't mean to be such a hassle. Quote This is going to sound dumb, but I don't know. How can I figure it out? No problem. You're either not running one, or you're running Microsoft's Personal Web Server (a Windows component). In the latter case, uninstall it. In either case, get Apache and follow the installation instructions carefully. I'm afraid there's a bit of a learning curve, but I'm sure that won't put you off. Now would also be a good opportunity to obtain and install MySQL and PHP. Then you have a very sophisticated web & database server running on your PC. If you want to get into MySQL, also obtain PHPMyAdmin. Invaluable for administering MySQL databases. Quote I'm looking all over the support section, and can't find info on it. Thinking it would help, I installed the Official Windows Update Client. What on Earth do I have to do? That's what you need. It tells the DynDNS servers what your current IP address is (in fact the address of your router). Quote At last, a question I can answer! I use a wireless connection to my mother's router, which is hooked up to her computer. Which router? Quote Um... no... how do I do that? Varies from router to router. Grab the manual and look for "port forwarding". Assign a static local IP address to your computer (don't use DHCP) and then forward the incoming port 80 requests to your PC's LAN IP address. Quote (I thought I knew about this stuff. I kinda feel like a moron for not getting this.) Don't be silly - if you've never done it before, why would you know? Playing and trying things is the best way of learning. Quote No problem. You're either not running one, or you're running Microsoft's Personal Web Server (a Windows component). In the latter case, uninstall it. In either case, get Apache and follow the installation instructions carefully. I'm afraid there's a bit of a learning curve, but I'm sure that won't put you off. I downloaded apache and installed it. Quote That's what you need. It tells the DynDNS servers what your current IP address is (in fact the address of your router). Oh good! I got it right. That's a relief. Quote Which router? Linksys Wireless-B. Quote Varies from router to router. Grab the manual and look for "port forwarding". Assign a static local IP address to your computer (don't use DHCP) and then forward the incoming port 80 requests to your PC's LAN IP address. I think the setup for Apache said something about allowing port 80 and I chose it. Would that do it? Quote Don't be silly - if you've never done it before, why would you know? Playing and trying things is the best way of learning. To give your PC a static IP, first find out its current IP address. (Network connections-->LAN-->Status). Then change the properties for the connection so that instead of being given an address/netmask/DNS server, you assign them manually. In fact you should be able simply to copy all of the entries from status; this will fix them. Explanation: your computers are all on a subnet, and probably have IP addresses starting with 192.168.1. For example, the Linksys may be set up as 192.168.1.1 and then have a built in DHCP server that assigns IP addresses to the LAN, starting from (say) .10. Practice varies with each router. So your computer may have a current IP address of 192.168.1.11. If you can get access to the router's interface (you'll need that later), you should be able to discover what IP addresses it allocates. It will usually only be a few (eg. from .10 to .20). If you can find that out, it is best to give your PC a number NOT in that range - e.g. 192.168.1.200. You'll need to read the router's manual. It probably handles DNS requests for the LAN, so on your PC, enter the router's IP address as the DNS server (e.g. 192.168.1.1). Whilst you're in the router, using the manual, set up port forwarding. All incoming requests on port 80 need to be forwarded to your PC's IP address (e.g. 192.168.1.200) on port 80. Make sure your PC's firewall allows incoming and outgoing connections on port 80. So long as you keep your installation of Apache up to date with the latest security patches, this is pretty safe. Now your router has an external IP address - the one the rest of the world sees. To check to see if your web server is accessible to the outside world, first of all find out the router's current IP address (just use http://www.whatismyip.com/) and then enter that address in your browser's address bar, with http:// in front. You should see your web server (unless your router specifically doesn't allow that kind of connection). Report back! OK, I'm a little stuck right at the beginning. I can see my IP address, and it's different from the one the DynDNS Updater has showing. OK, I'm going to leave a digit out for security, but: My DynDNS thing says my IP is 71.111.188.2 because that's what www.whatismyip.com told me before I installed the thing. However, in my wireless connection settings, my IP is 192.168.1.2. I can't find where to make it assign the address/netmask.DNS server manually on my Windows XP. My Local Area Connection is disabled because I have the wireless thing set up. If it helps, this is what I see right now: Quote OK, I'm a little stuck right at the beginning. I can see my IP address, and it's different from the one the DynDNS Updater has showing. Yes - that's correct. Your entire local network has only one IP address as far as the rest of the internet is concerned. The router does something clever called "Network Address Translation" to ensure that information is router to the correct computer on the network. Your local network has a particular range of IP addresses that is supposed to be private and not leak out to the rest of the internet. Article A. Article B. Those two articles will really help you understand what we're doing. Quote in my wireless connection settings, my IP is 192.168.1.*2. I can't find where to make it assign the address/netmask.DNS server manually on my Windows XP. My Local Area Connection is disabled because I have the wireless thing set up. Your wireless connection is a LAN. In that helpful picture you posted, the two places you need to look are: 1. Wireless connection 3 properties - scroll that list down to TCP/IP -click it, choose properties. 2. Wireless 3 connection status - click the support tab.OK. I am certainly NOT in a good mood right now. I had this conversation with my mother last night: Mom: What's up, Tim? You look like you got a lot on your mind. Me: Well, I found a way to host my own web site for free! Mom: What is it? Me: If I create my own server - Mom: No. Me: ... Mom: No. Me: Why not? Mom: Because opening our network invites hackers to get in. And if they do, they could get into my computer and trash that. (Her computer has a lot of financial programs, budgets, that kind of thing.) Me: ... Mom: Do you have security for it? Me: Yes! Mom: What? Me: I have Apache... it's a piece of freeware - Mom: shakes head* Mom: I want to see everything you got drawn out on paper so you know EXACTLY what you've got. OK. Is there any way to PROVE this is safe to her?Yup. Go to Shields UP! and run their tests from any PC on your network. Also, feel free to invite her to come here. There are plenty of people here with I.T. qualifications and experience in securing networks. It sounds to me like your mum doesn't really trust the hardware she's using - that's more of an issue, I would say. If she trusts the hardware, then opening up port 80 from the router to your PC, running a secure piece of web server software, should not be any problem at all. Please note that Apache is not "freeware" - it is part of the open source software movement. That has considerably more credibility than a bit of free software. You may like to point out to your mum that the industry-standard piece of software you have just downloaded is used on the vast majority of web servers used on the internet. See the second graph on >this page< - Apache's share of the entire market - including security-conscious global corporations is holding at around 75%. There's a very good reason for that! Your mum needs to realise that opening up a designated port in this way does not really make her network any less safe. If she is connecting to the internet with a computer that contains sensitive data, she must already ensure that she has adequate safeguards in place. An internet-connected PC has a presence on the internet. Your proposal does not change that. You are not "opening up your network". Neither are you sending and invitation to hackers. Sorry if this scares your mum, but the hackers already know about your network, and they'll already be trying to find out what they can do about it. This is the same for every internet-connected computer on the PLANET. People run scripts testing every possible IP address and finding out what's there. They do this continually until they find a weakness. This is why security precautions are essential. There is good news however; if you take all sensible precautions, then you can (for free) have basically government-standard security in place in your home.Ok. One step at a time, as usual. I went to Shields Up! and tested my first 1056 ports. My results: ALL of them were Stealthed EXCEPT for Port 113, which was Closed. I'm unsure of how to Stealth it. ALSO, I tried the file sharing bit. I am proud to say I put together this machine: Quote Attempting connection to your computer. . . Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and INTRUSION. Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. [edit]I was unable to spam myself with popups. I'm thrilled. Who says Norton sucks? I love the fact that I am so strongly defended. If I can get 113 secured, it'll be all I need to present to my mother: "Nobody can hack me, I'm safe." As a side-note, she offered to allow me to host my site on her Verizon account. I didn't bother to point out I was likely to still need a server.[/edit]Dilbert, my antivirus I got online and all of my ports are stealthed, I didn't get any spam messages, and all my files are protected I don't think it has to do as much with your anti-virus. (But then again I wouldn't know)It's not my antivirus. I have antivirus, but I'm referring to Norton Internet Secutity 2005, which includes a firewall. Also, your ISP can help with that, as well as Windows Firewall. Now, how would I get Port 113 stealthed, then?Oh, Ok. Well congratulations on having a secure computer As for how to stealth it I have no idea.Quick (simplified) explanation about internet traffic in your case Dilbert: You ask your browser to bring up a web page - this is an internet request on port 80 Your computer talks to the router, and requests the web page You router makes a "mental note" of which PC on the LAN asked for the web page. It then asks on the internet for the web page. The web server responds, on port 80, to your router. Your router forwards the response to your PC, since it knows your PC requested the response. Now when you run Shields UP!! scans, it's a little different: Your PC asks the router for a web page, on port 80 That web page responds on port 80, but it also starts scanning other ports The unsolicited ports scans are dealt with by the router, and go no further, since no computer on the LAN requested them Read the Shields UP!! explanation for why port 113 might not be stealthed (or need to be) here. If you have a decent firewall built into your router, a software firewall on your PC is almost utterly redundant. In fact, they tend to induce a false sense of security. If a trojan can find its way onto your computer, it stands to reason that the trojan could be programmed to bypass or disable the firewall. Software firewalls just aren't that safe. Who says they are? The companies that make them. Yes, you do need to be a little cynical when it comes to matters of security. Incidentally, I'm afraid you can't take the credit for having such a secure PC, since the Shields UP!! tests were probing your router, not your PC. Sorry!Oh, well. Even if I didn't do it, it's related to my computer, so... oops. Whatever. (I will not let this thread be buried just because of that spam monkey) OK, I've seen that page, and I downloaded ZoneAlarm but I still get a "Closed" response from 113. It says I can "hard stealth" it with my personal firewall. I have Norton Internet Security 2005; how can I do that?Re-read what I said above. The probe is not getting as far as your PC - it stops at your router. That's exactly what you want. It makes no difference what firewall you install on your PC therefore. Besides, a stealthed port doesn't present a significantly greater advantage over a closed port. Script kiddies will run their scripts indiscriminately, not caring what response they get (if any).Rob, I'm afraid that I have to completely disagree with your "thesis" regarding software firewalls! In todays climate, a properly instituted and maintained software firewall is not only desirable, it's essential! As one example, I'm just about to start work on a system that was "fully protected" by a new Netgear DSL router and it's firewall. It's absolutely infested! Not one of the infections that I have spotted so far has the ability to tamper with any software firewall in any way. As far as GRCs tests are concerned, they are, like most of Mr Gibsons claims, somewhat laughable. If you want to run a port scanner against yourself, try NMAP via [highlight]NetMonitor[/highlight].Dilbert, your router may have inbuilt support for certain Dynamic DNS applications, check it out. If not, search for your router on [highlight]PortForward[/highlight] where you will undoubtedly find a ready made "recipe" for just about any application you need to run. Again, the use of static internal IPs is to be recommended. In NPF, to make a rule, you need to go via: Personal Firewall>Configure>Advanced>General>Add or similar.lmfao Shields Up! I've just tested a port which I'm running a server on and a client is actually connected to it. According to GRC, it's fully stealthed! The same test with NMap sends my firewall into a fit of frenzy. Quote Rob, I'm afraid that I have to completely disagree with your "thesis" regarding software firewalls! In todays climate, a properly instituted and maintained software firewall is not only desirable, it's essential! That's fine - I know I'm going against the flow here. But as far as I can see it, the only advantage a software firewall has over a hardware firewall is application blocking. And that is EXACTLY the kind of blocking that a particularly clever trojan would circumvent. Therefore I think that software firewalls give people a false sense of security - that's the problem. Use them by all means, but they are no substitute for a properly configured hardware firewall. Lugo & Parker put it better than I can.I am aware of L&P and most of it will go completely over the head of the average user. Their main slant is the difference between software and hardware firewalls whilst my slant is the need for the extra layer that a software firewall provides. They also presuppose that malicious software will somehow interact with a software firewall in order to lessen it's efficiency to a greater or lesser degree. In the main, that presupposition is false. To take their first example, how many LSP hijacker trojans are out there? In the grand scheme of things, they are very thin on the ground! Yes, a hardware firewall is a better method of fending off incoming attacks (Again, if it's properly instituted and maintained) but it is utterly useless where outgoing traffic is concerned and in todays climate, it's just not good enough. In their examples, not one popular hardware firewall would fare any better than a software firewall. In fact, the prognosis where a general purpose hardware firewall is concerned is very much worse than that where an average software firewall is concerned. Let's not forget that "application blocking" doesn't simply refer to a simple yes/no to a certain program in a well maintained setup! Just a few questions to consider: How would a hardware firewall prevent a trojan inside say, a zip archive being delivered? Now let's say that trojan is installed. How would that same hardware firewall prevent that trojan from connecting to say a web server or an FTP server?You have a point, of course. I prefer to rely on an up to date virus checker and common sense, but we can't assume that the average user has either. But then neither can we assume that the average user has a correctly configured firewall (software OR hardware). I think internet security will have to become a mandatory subject in schools eventually... Either that or make it illegal to surf without first implementing internet security...

Answer»

Hi guys.

I have just bought a domain from a company, but all I am looking to do with it, is to host one really simple webpage.
The cheapest the company (where I bought the domain) could offer me was there basic starter hosting package which is £34 (approx $50) for the year. I know this isn't much, but because I only need a very small amount of space, I wondered if there was an even easier and cheaper way to get around this.

Many thanks for any replies posted.
Kop442000The cheapest way, if you're already on broadband, is to host the web page on your own computer. Does that idea interest you?You can do that? How?Simply run a web server. Of course, it means that your machine must be running 24/7 and a good portion of your bandwidth may be consumed.There's just a little bit more to it than that, and I'm not sure the word "simply" is entirely appropriate in this context.

If you don't have a static IP address, you'll need access to a dynamic DNS service such as that provided by dyndns.org. Even if you have a static IP address, the DynDNS services allow you to convert that into something more memorable than numbers. E.g. I use pcproblemsolver.dyndns.biz.

If you run a web server within your home (or business) network and set up your router/firewall to allow traffic to reach it, the outside world can access your personal web site by that means. Doing things on a low budget, I would recommend running Apache rather than Microsoft's very poor Personal Web Server. Apache is free for download, and is very fast and well suited to almost all web purposes.

Yes, you will probably need to keep your web server and ADSL connection on permanently, but I think that still works out cheaper than most hosting options. And you can upgrade your web service for free - e.g. by adding PHP and MySQL, something that ISPs often charge extra for.

As for bandwidth, remember we're talking about upstream bandwidth here, i.e. from your computer outwards. Your broadband will typically be 1Mbps downstream (towards you) but much less than this upstream - 128Kbps or less is common. So you wouldn't be able to run an extremely popular web site over broadband. There just isn't enough bandwidth. It's plenty for most home uses however. People accessing your website from outsite will not noticeably slow down your own online experience, since you will usually have much more downstream bandwidth to spare.PS I may have my upstream and downstream muddled up there, but the gist is correct!!! Thanks for the posts guys.

Will have a think about all that.

Cheers.So, basically, if I run my own server people can only access it when I'm on my computer? Interesting... Um, I created an account and a host. How do I actually get the web site up there into the right place? Do I do that on the web site, or what?

[edit]Oh wait, I found that in HTML-Kit I can import a site from a URL, so I can work on it from there. I think. It's asking for Username and Password, and I put in my dynDNS username and password, but it won't accept it! Also, when I try to go to the service I created, it asks for username and password. I put them in, but it doesn't accept them! What am I doing wrong?[/edit]First of all, is it actually a website that you want to run or is it perhaps an FTP server for sharing files?

I run a private FTP server using Serv-U and No-IP. My address is ftp://myservername.no-ip.comJust an HTTP site. No downloads.

[edit]I should probably mention that I am working on parts of the site. It isn't yet complete, because I have some routine work to do on it. I would like to know how to do it so that when I'm done making sure that that table I made renders properly in all browsers I can, or making sure those hyperlinks work like they're supposed to, then I am able to put that site on there. [/edit]Dilbert, what web server are you using on your computer? And what DynDNS client are you using? (See the support section at DynDNS.) How do you connect to the internet? If you're using a router, have you ensured that external port 80 requests are forwarded to your PC?

Re the links - always use relative links, rather than absolute. It makes testing so much easier. That said, I often work on live sites (naughty) changing the files on the web server, rather than elsewhere+uploading and just test the changes as I go along.

Make sure you have the three big three browsers at least (Opera + Firefox + IE) for testing purposes. In the case of IE, it is better for security to run one of the "wrapper" browsers like Maxthon or Slimbrowser, which are based on IE. Quote

Dilbert, what web server are you using on your computer?

This is going to sound dumb, but I don't know. How can I figure it out?

Quote

And what DynDNS client are you using? (See the support section at DynDNS.)

I'm looking all over the support section, and can't find info on it. Thinking it would help, I installed the Official Windows Update Client. What on Earth do I have to do?

Quote

How do you connect to the internet?

At last, a question I can answer! I use a wireless connection to my mother's router, which is hooked up to her computer.

Quote

If you're using a router, have you ensured that external port 80 requests are forwarded to your PC?

Um... no... how do I do that?

(I thought I knew about this stuff. I kinda feel like a moron for not getting this.)

Quote

Make sure you have the three big three browsers at least (Opera + Firefox + IE) for testing purposes. In the case of IE, it is better for security to run one of the "wrapper" browsers like Maxthon or Slimbrowser, which are based on IE.

I have those three browsers.

Sorry for this guys, I don't mean to be such a hassle. Quote

This is going to sound dumb, but I don't know. How can I figure it out?

No problem. You're either not running one, or you're running Microsoft's Personal Web Server (a Windows component). In the latter case, uninstall it. In either case, get Apache and follow the installation instructions carefully. I'm afraid there's a bit of a learning curve, but I'm sure that won't put you off.

Now would also be a good opportunity to obtain and install MySQL and PHP. Then you have a very sophisticated web & database server running on your PC. If you want to get into MySQL, also obtain PHPMyAdmin. Invaluable for administering MySQL databases.

Quote

I'm looking all over the support section, and can't find info on it. Thinking it would help, I installed the Official Windows Update Client. What on Earth do I have to do?

That's what you need. It tells the DynDNS servers what your current IP address is (in fact the address of your router).

Quote

At last, a question I can answer! I use a wireless connection to my mother's router, which is hooked up to her computer.

Which router?

Quote

Um... no... how do I do that?

Varies from router to router. Grab the manual and look for "port forwarding". Assign a static local IP address to your computer (don't use DHCP) and then forward the incoming port 80 requests to your PC's LAN IP address.

Quote

(I thought I knew about this stuff. I kinda feel like a moron for not getting this.)

Don't be silly - if you've never done it before, why would you know? Playing and trying things is the best way of learning. Quote

No problem. You're either not running one, or you're running Microsoft's Personal Web Server (a Windows component). In the latter case, uninstall it. In either case, get Apache and follow the installation instructions carefully. I'm afraid there's a bit of a learning curve, but I'm sure that won't put you off.

I downloaded apache and installed it.

Quote

That's what you need. It tells the DynDNS servers what your current IP address is (in fact the address of your router).

Oh good! I got it right. That's a relief.

Quote

Which router?

Linksys Wireless-B.

Quote

Varies from router to router. Grab the manual and look for "port forwarding". Assign a static local IP address to your computer (don't use DHCP) and then forward the incoming port 80 requests to your PC's LAN IP address.

I think the setup for Apache said something about allowing port 80 and I chose it. Would that do it?

Quote

Don't be silly - if you've never done it before, why would you know? Playing and trying things is the best way of learning.

To give your PC a static IP, first find out its current IP address. (Network connections-->LAN-->Status). Then change the properties for the connection so that instead of being given an address/netmask/DNS server, you assign them manually. In fact you should be able simply to copy all of the entries from status; this will fix them.

Explanation: your computers are all on a subnet, and probably have IP addresses starting with 192.168.1. For example, the Linksys may be set up as 192.168.1.1 and then have a built in DHCP server that assigns IP addresses to the LAN, starting from (say) .10. Practice varies with each router. So your computer may have a current IP address of 192.168.1.11.

If you can get access to the router's interface (you'll need that later), you should be able to discover what IP addresses it allocates. It will usually only be a few (eg. from .10 to .20). If you can find that out, it is best to give your PC a number NOT in that range - e.g. 192.168.1.200.

You'll need to read the router's manual. It probably handles DNS requests for the LAN, so on your PC, enter the router's IP address as the DNS server (e.g. 192.168.1.1).

Whilst you're in the router, using the manual, set up port forwarding. All incoming requests on port 80 need to be forwarded to your PC's IP address (e.g. 192.168.1.200) on port 80. Make sure your PC's firewall allows incoming and outgoing connections on port 80. So long as you keep your installation of Apache up to date with the latest security patches, this is pretty safe.

Now your router has an external IP address - the one the rest of the world sees. To check to see if your web server is accessible to the outside world, first of all find out the router's current IP address (just use http://www.whatismyip.com/) and then enter that address in your browser's address bar, with http:// in front. You should see your web server (unless your router specifically doesn't allow that kind of connection).

Report back! OK, I'm a little stuck right at the beginning. I can see my IP address, and it's different from the one the DynDNS Updater has showing. OK, I'm going to leave a digit out for security, but:

My DynDNS thing says my IP is 71.111.188.2** because that's what www.whatismyip.com told me before I installed the thing. However, in my wireless connection settings, my IP is 192.168.1.**2. I can't find where to make it assign the address/netmask.DNS server manually on my Windows XP. My Local Area Connection is disabled because I have the wireless thing set up.

If it helps, this is what I see right now:

Quote

OK, I'm a little stuck right at the beginning. I can see my IP address, and it's different from the one the DynDNS Updater has showing.

Yes - that's correct. Your entire local network has only one IP address as far as the rest of the internet is concerned. The router does something clever called "Network Address Translation" to ensure that information is router to the correct computer on the network. Your local network has a particular range of IP addresses that is supposed to be private and not leak out to the rest of the internet. Article A. Article B. Those two articles will really help you understand what we're doing.

Quote

in my wireless connection settings, my IP is 192.168.1.**2. I can't find where to make it assign the address/netmask.DNS server manually on my Windows XP. My Local Area Connection is disabled because I have the wireless thing set up.

Your wireless connection is a LAN. In that helpful picture you posted, the two places you need to look are: 1. Wireless connection 3 properties - scroll that list down to TCP/IP -click it, choose properties. 2. Wireless 3 connection status - click the support tab.OK. I am certainly NOT in a good mood right now. I had this conversation with my mother last night:

Mom: What's up, Tim? You look like you got a lot on your mind.
Me: Well, I found a way to host my own web site for free!
Mom: What is it?
Me: If I create my own server -
Mom: No.
Me: ...
Mom: No.
Me: Why not?
Mom: Because opening our network invites hackers to get in. And if they do, they could get into my computer and trash that. (Her computer has a lot of financial programs, budgets, that kind of thing.)
Me: ...
Mom: Do you have security for it?
Me: Yes!
Mom: What?
Me: I have Apache... it's a piece of freeware -
Mom: *shakes head*
Mom: I want to see everything you got drawn out on paper so you know EXACTLY what you've got.

OK. Is there any way to PROVE this is safe to her?Yup. Go to Shields UP! and run their tests from any PC on your network. Also, feel free to invite her to come here. There are plenty of people here with I.T. qualifications and experience in securing networks.

It sounds to me like your mum doesn't really trust the hardware she's using - that's more of an issue, I would say. If she trusts the hardware, then opening up port 80 from the router to your PC, running a secure piece of web server software, should not be any problem at all.

Please note that Apache is not "freeware" - it is part of the open source software movement. That has considerably more credibility than a bit of free software. You may like to point out to your mum that the industry-standard piece of software you have just downloaded is used on the vast majority of web servers used on the internet. See the second graph on >this page< - Apache's share of the entire market - including security-conscious global corporations is holding at around 75%. There's a very good reason for that!

Your mum needs to realise that opening up a designated port in this way does not really make her network any less safe. If she is connecting to the internet with a computer that contains sensitive data, she must already ensure that she has adequate safeguards in place. An internet-connected PC has a presence on the internet. Your proposal does not change that. You are not "opening up your network". Neither are you sending and invitation to hackers.

Sorry if this scares your mum, but the hackers already know about your network, and they'll already be trying to find out what they can do about it. This is the same for every internet-connected computer on the PLANET. People run scripts testing every possible IP address and finding out what's there. They do this continually until they find a weakness. This is why security precautions are essential.

There is good news however; if you take all sensible precautions, then you can (for free) have basically government-standard security in place in your home.Ok. One step at a time, as usual. I went to Shields Up! and tested my first 1056 ports. My results:

ALL of them were Stealthed EXCEPT for Port 113, which was Closed. I'm unsure of how to Stealth it.

ALSO, I tried the file sharing bit. I am proud to say I put together this machine:

Quote

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and INTRUSION.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

[edit]I was unable to spam myself with popups.

I'm thrilled. Who says Norton sucks? I love the fact that I am so strongly defended. If I can get 113 secured, it'll be all I need to present to my mother: "Nobody can hack me, I'm safe."

As a side-note, she offered to allow me to host my site on her Verizon account. I didn't bother to point out I was likely to still need a server.[/edit]Dilbert, my antivirus I got online and all of my ports are stealthed, I didn't get any spam messages, and all my files are protected

I don't think it has to do as much with your anti-virus. (But then again I wouldn't know)It's not my antivirus. I have antivirus, but I'm referring to Norton Internet Secutity 2005, which includes a firewall. Also, your ISP can help with that, as well as Windows Firewall.

Now, how would I get Port 113 stealthed, then?Oh, Ok. Well congratulations on having a secure computer

As for how to stealth it I have no idea.Quick (simplified) explanation about internet traffic in your case Dilbert:

You ask your browser to bring up a web page - this is an internet request on port 80
Your computer talks to the router, and requests the web page
You router makes a "mental note" of which PC on the LAN asked for the web page. It then asks on the internet for the web page.
The web server responds, on port 80, to your router.
Your router forwards the response to your PC, since it knows your PC requested the response.

Now when you run Shields UP!! scans, it's a little different:

Your PC asks the router for a web page, on port 80
That web page responds on port 80, but it also starts scanning other ports
The unsolicited ports scans are dealt with by the router, and go no further, since no computer on the LAN requested them

Read the Shields UP!! explanation for why port 113 might not be stealthed (or need to be) here.

If you have a decent firewall built into your router, a software firewall on your PC is almost utterly redundant. In fact, they tend to induce a false sense of security. If a trojan can find its way onto your computer, it stands to reason that the trojan could be programmed to bypass or disable the firewall. Software firewalls just aren't that safe. Who says they are? The companies that make them. Yes, you do need to be a little cynical when it comes to matters of security.

Incidentally, I'm afraid you can't take the credit for having such a secure PC, since the Shields UP!! tests were probing your router, not your PC. Sorry!Oh, well. Even if I didn't do it, it's related to my computer, so... oops. Whatever.

(I will not let this thread be buried just because of that spam monkey)

OK, I've seen that page, and I downloaded ZoneAlarm but I still get a "Closed" response from 113. It says I can "hard stealth" it with my personal firewall. I have Norton Internet Security 2005; how can I do that?Re-read what I said above. The probe is not getting as far as your PC - it stops at your router. That's exactly what you want. It makes no difference what firewall you install on your PC therefore.

Besides, a stealthed port doesn't present a significantly greater advantage over a closed port. Script kiddies will run their scripts indiscriminately, not caring what response they get (if any).Rob, I'm afraid that I have to completely disagree with your "thesis" regarding software firewalls! In todays climate, a properly instituted and maintained software firewall is not only desirable, it's essential!
As one example, I'm just about to start work on a system that was "fully protected" by a new Netgear DSL router and it's firewall. It's absolutely infested! Not one of the infections that I have spotted so far has the ability to tamper with any software firewall in any way.

As far as GRCs tests are concerned, they are, like most of Mr Gibsons claims, somewhat laughable. If you want to run a port scanner against yourself, try NMAP via [highlight]NetMonitor[/highlight].Dilbert, your router may have inbuilt support for certain Dynamic DNS applications, check it out. If not, search for your router on [highlight]PortForward[/highlight] where you will undoubtedly find a ready made "recipe" for just about any application you need to run. Again, the use of static internal IPs is to be recommended.

In NPF, to make a rule, you need to go via:
Personal Firewall>Configure>Advanced>General>Add or similar.lmfao Shields Up!
I've just tested a port which I'm running a server on and a client is actually connected to it. According to GRC, it's fully stealthed!

The same test with NMap sends my firewall into a fit of frenzy. Quote

Rob, I'm afraid that I have to completely disagree with your "thesis" regarding software firewalls! In todays climate, a properly instituted and maintained software firewall is not only desirable, it's essential!

That's fine - I know I'm going against the flow here. But as far as I can see it, the only advantage a software firewall has over a hardware firewall is application blocking. And that is EXACTLY the kind of blocking that a particularly clever trojan would circumvent. Therefore I think that software firewalls give people a false sense of security - that's the problem. Use them by all means, but they are no substitute for a properly configured hardware firewall. Lugo & Parker put it better than I can.I am aware of L&P and most of it will go completely over the head of the average user. Their main slant is the difference between software and hardware firewalls whilst my slant is the need for the extra layer that a software firewall provides.
They also presuppose that malicious software will somehow interact with a software firewall in order to lessen it's efficiency to a greater or lesser degree. In the main, that presupposition is false. To take their first example, how many LSP hijacker trojans are out there? In the grand scheme of things, they are very thin on the ground!
Yes, a hardware firewall is a better method of fending off incoming attacks (Again, if it's properly instituted and maintained) but it is utterly useless where outgoing traffic is concerned and in todays climate, it's just not good enough.

In their examples, not one popular hardware firewall would fare any better than a software firewall. In fact, the prognosis where a general purpose hardware firewall is concerned is very much worse than that where an average software firewall is concerned. Let's not forget that "application blocking" doesn't simply refer to a simple yes/no to a certain program in a well maintained setup!

Just a few questions to consider:
How would a hardware firewall prevent a trojan inside say, a zip archive being delivered? Now let's say that trojan is installed. How would that same hardware firewall prevent that trojan from connecting to say a web server or an FTP server?You have a point, of course. I prefer to rely on an up to date virus checker and common sense, but we can't assume that the average user has either. But then neither can we assume that the average user has a correctly configured firewall (software OR hardware).

I think internet security will have to become a mandatory subject in schools eventually... Either that or make it illegal to surf without first implementing internet security...

Solve : Just One Page?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment