View Full Version : Web Server Security


repro
12-02-2002, 11:25 AM
I have a DSL router and a DynDNS account set up on my OS X Server 10.2.2. I have absolutely no problems getting my site up and running but I am getting shut down by some idiots who love to f*#k with other people's sites. My question is, can you set up a web server that is relatively safe from hacker idiots and not have to purchase a hardware firewall? If a hardware firewall is the only solution, is the WatchGuard SOHO good enough?

intrntmn
12-02-2002, 11:47 AM
Can you give more information on how your site is being hacked? Maybe some advice can be found here.

repro
12-02-2002, 02:16 PM
I can watch the activity from NetBarrier's log and activity window. I get constantly hit with Nimda attacks, which NetBarrier stops successfully. My site is up and works for a while and then, usually after a day, my site is no longer reachable. If someone tries to access my site it does not show up. I try it myself from my other ISP to check and nothing shows. I am not sure if someone has found a back door or what. NETSTAT shows connections but I am not sure if they are OK or not, being a *nix newbie. I changed all of my passwords and have rechecked all of the ports and left only ports 80, 548 and 21 open. Other ports open above 1024 are ports 2000-2010 for FTP pasv. I also have a port redirect set up on my router to redirect port 80 to my web port set up on my OS X Server. Port 80 is not the port I use for my web site. Is that a mistake? My question is, can you run a web server safely without a hardware firewall? Is this info enough? If you need specifics, let me know please. Thanks for your response.
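
An added example, not part of the post above or of any tool named in the thread: one way to judge whether the connections NETSTAT shows are expected is to audit `netstat -an` output against the ports that are meant to be open. It assumes BSD-style output with the port after the last dot; the allowlist (with 8081 as the web port, taken from a later post) and the sample lines are constructed.

```python
# Added example: audit BSD-style `netstat -an` output against a port allowlist.
ALLOWED = {21, 548, 8081} | set(range(2000, 2011))  # assumed from the thread

# Constructed sample output (addresses are documentation ranges, not real hosts).
SAMPLE = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.8081      203.0.113.7.49211      ESTABLISHED
tcp4       0      0  192.168.1.10.22        198.51.100.9.40112     ESTABLISHED
tcp4       0      0  192.168.1.10.51500     192.0.2.80.80          ESTABLISHED
tcp4       0      0  *.8081                 *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
"""


def split_addr(addr):
    """Split 'host.port' (BSD netstat style) into (host, port or None)."""
    host, _, port = addr.rpartition(".")
    return host, int(port) if port.isdigit() else None


def audit(netstat_text, allowed=ALLOWED):
    """Return (unexpected_listeners, unexpected_inbound_sessions)."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp"):
            rows.append((split_addr(f[3]), f[4], f[5]))
    listening = {lp for (_, lp), _, st in rows if st == "LISTEN"}
    listeners, sessions = [], []
    for (host, lport), remote, state in rows:
        loopback = host in ("127.0.0.1", "::1", "localhost")
        if lport is None or lport in allowed or loopback:
            continue
        if state == "LISTEN":
            listeners.append(lport)
        elif state == "ESTABLISHED" and lport in listening:
            # Local port is one of our listeners, so the peer connected in to us.
            sessions.append((lport, remote))
    return sorted(set(listeners)), sessions


if __name__ == "__main__":
    listeners, sessions = audit(SAMPLE)
    print("listeners outside allowlist:", listeners)
    for port, remote in sessions:
        print(f"inbound session on port {port} from {remote}")
```

Loopback-only listeners and outbound connections are skipped, so what remains are services reachable from the network that were never meant to be open, plus any peers currently connected to them.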

repro
12-02-2002, 04:39 PM
I forgot to mention that I have an additional ethernet card installed as I wanted to run the web server from another IP address internally but I seem to have nothing but problems when it is activated. It is an AsantéFast PCI Model 690. It would seem that if OS X Server ran its services on a separate IP address from the web server it would increase my security, or am I wrong on that?

intrntmn
12-02-2002, 05:29 PM
Originally posted by repro
I changed all of my passwords and have rechecked all of the ports and left only ports 80, 548 and 21 open. Other ports open above 1024 are ports 2000-2010 for FTP pasv. I also have a port redirect set up on my router to redirect port 80 to my web port set up on my OS X Server. Port 80 is not the port I use for my web site. Is that a mistake? My question is, can you run a web server safely without a hardware firewall? Is this info enough? If you need specifics, let me know please. Thanks for your response.

Let's say your webserver is running on port 8080 ... do you include the port in the URL when you try to access it? Normally, most browsers by default only try port 80 (webserver) unless you direct them otherwise ... www.webserver.com:8080 ... as an example. Also, if that's the case, then you would also have to set up your router to reflect incoming:8080 -> yourmachine:8080. I hope that makes sense.

Jack

repro
12-02-2002, 06:23 PM
No, I don't use the port number in my URL as I do all of the port redirecting over my router. I have had three web sites all running at the same time on different ports and only one was accessible through the internet. I had set up a redirect in my router config for routing all port 80 traffic to the site I wanted accessible through the internet to the IP of my server running on port 8081. I do not have it active, reasons known, until I can have some security. Once again I would like to know IS IT POSSIBLE to set up a web server safely without purchasing a hardware firewall? Anyone? If so, I am sure there are people on this forum that have a web server up and running securely who will help me. If not, I am left no choice but to buy a hardware firewall. Thanks for your reply.

intrntmn
12-02-2002, 06:57 PM
Originally posted by repro
Once again I would like to know IS IT POSSIBLE to set up a web server safely without purchasing a hardware firewall?

OS X (10.2) does have built-in firewall support and that could be an option for you ... as for httpd security ... make sure you have your httpd.conf file set up with security in mind.

Jack

repro
12-03-2002, 03:01 AM
I have the built-in firewall activated in addition to NetBarrier, which is, according to Intego, good to do. I have been in contact with Intego concerning this problem but they have a terrible support team. Can mods be made to the httpd.conf for security? What mods are necessary? Sounds like we are getting somewhere.

repro
12-03-2002, 04:34 PM
Case closed. I ordered a hardware firewall today and that should solve my problems. Thanks for your response and your help.