this post was submitted on 10 Jun 2025
23 points (100.0% liked)

Ask Lemmy


Setting up a personal site on local hardware has been on my bucket list for a long time. I finally bit the bullet and got a basic website running with Apache on an Ubuntu-based Linux distro. I bought a domain name, linked it up to my l ip, got SSL via Let's Encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.

Am I basically in the clear? What more do I need to do to protect my site and local network? I'm so scared of hackers and shit I do not want to be an easy target.

I would like to make a page about the hardware it's running on since I intend to have it be entirely run off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?

top 7 comments
[–] abbadon420@lemm.ee 4 points 2 days ago* (last edited 2 days ago)

Is it running on a dedicated machine? Then what's the worst that could happen? Say someone hacks your website and gains root access to your machine. Maybe they'll fuck up your website. Maybe they'll install some botnet software. But you can basically just flash your device and restart from a backup. No biggie!

The best defence, in my opinion, is awareness and a good backup plan.

But also, if you have a static website with no login or anything, a hacker can't login either. Maybe you've got an ssh connection? That's pretty secure, just make sure you've got it set up correctly and you've got a good password. Maybe you have some login from apache? Same as with the ssh, but if you don't actively use it, you could disable it.

[–] bjoern_tantau@swg-empire.de 3 points 2 days ago* (last edited 2 days ago)
[–] bjoern_tantau@swg-empire.de 2 points 2 days ago

Are those static pages or are they dynamic, written with some scripting language like PHP, Python or Ruby or so? Static pages without any programming are much more secure.

You should set up a schedule to regularly do updates and backups. Maybe even automate them if you can.

If you isolate the server from the rest of your network there isn't a lot someone can do if they do manage to hack it.

[–] Toes@ani.social 2 points 2 days ago

Since you're using Ubuntu you can probably sign up for Ubuntu Pro, free for personal use last I checked. This provides you with additional security updates. (I would suggest using the LTS branch)

Look into hardening your os and apache installation. Such as using certificate based authentication exclusively for SSH.

Put this box on a separate network (such as a DMZ).

Create regular backups and do recovery drills to ensure it's working as expected.
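
An added example, not part of the comment above or of any post in this thread: a small Python check that an `sshd_config` really leaves key-based login as the only option, applying sshd's rule that the first value seen for a keyword wins. The sample config, the function names and the set of keywords checked are assumptions of this example, and `Include` files are not followed.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Values that leave public keys as the only way to log in.
WANTED = {"passwordauthentication": {"no"}, "kbdinteractiveauthentication": {"no"},
          "pubkeyauthentication": {"yes"}, "permitrootlogin": {"no", "prohibit-password"}}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

SAMPLE = """\
# constructed sample config, not taken from the thread
PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin no
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""


def parse(text):
    """Return (global settings, Match overrides); sshd keeps the FIRST value seen."""
    settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", raw.strip())
        if not m:  # blank line, comment or unparseable line
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        key = ALIASES.get(key, key)
        if key == "match":
            match = value  # everything below is conditional on this Match
        elif match is not None:
            overrides.append((match, key, value))
        else:
            settings.setdefault(key, value)  # later duplicates are ignored
    return settings, overrides


def audit(text):
    """Return findings; empty means no checked setting permits password logins."""
    settings, overrides = parse(text)
    findings = []
    for key, ok in WANTED.items():
        value = settings.get(key, DEFAULTS[key]).lower()
        if value not in ok:
            findings.append(f"global: {key} is '{value}'")
    for cond, key, value in overrides:
        if key in WANTED and value.lower() not in WANTED[key]:
            findings.append(f"Match {cond}: {key} is '{value}'")
    return findings
```

On the sample, `audit(SAMPLE)` reports the keyboard-interactive default and the `Match` block that turns passwords back on for the LAN. On a real host, the output of `sudo sshd -T` (the effective global settings with `Include` files resolved) can be passed to `audit()` as well.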

[–] KeepFlying@lemmy.world 1 points 2 days ago

If you're hosting static content it's a lot easier. If you've only opened ports 80/443 and don't have any kind of user input or scripting you're (probably) fine. Most likely you'd get DOS'd before someone would hack you. Assuming you're keeping your software up to date.

In general though limit what is exposed to the Internet. In this case don't open any extra ports.

If you want to be more secure (likely overkill for most threat models), treat your webserver like it's always infected. Don't do anything else important on it, and keep it segmented from your other computers with firewall rules.

Realistically no one is going to bother to hack you unless you're posting shit that makes people angry. You're mostly going to get prodded by bots looking for known vulnerabilities in Apache or the like, and you can stay protected with frequent updates.

If you're hosting something dynamic or with code like PHP or something with user accounts and the like, then it's slightly more complicated.

[–] thenose@lemmy.world 1 points 2 days ago

I’m an absolute rookie here who listens to absolute pros and tries to understand stuff. Here’s what I’ve got: You don’t want to do this from your home network. Ideally you have a VPS running some entry level (unsure but my guess is you filter humans from bots) stuff then tunnel back things from there to your home network. You can use other solutions to do this (I think) like cloudflared with a d. Also having a static IP as a consumer is rare afaik, so unless you specifically requested it from your ISP, your IP might change at the worst possible time (this I’m talking from experience lol). Oh and ofc the modern problems like the AI scrapers who’ll do 300 parses a sec if there’s any info for them to feed on. That’s all the scary stuff I could muster from memory and exp. I hope it helps and I’m not sure about any of this, but I believe these are topics you could look up and educate yourself on. Also feel free to correct me anywhere here.

[–] xylogx@lemmy.world 1 points 2 days ago

Cloudflare has a free tier for their security services. Worth checking out IMHO -> https://www.cloudflare.com/plans/free/