Richie's Homepage - Run a website from home: Apache

How to run your own website from home
 





The introduction below will give you a good idea of what you're doing. But if you're an expert and are aware of security issues, then just skip down to the actual download and installation section to begin installing your web server. But I strongly suggest you read everything that's presented in this article.

 Intro
 Running a website on a dialup connection
 Why run a website on dialup, if the site will be slow?
 Will you have to leave your computer on all the time?
 Will your phone line remain engaged permanently?
 How much will it cost to leave your computer on 24/7?
 How will people be able to contact you (ie. your url)?
 Can hackers break in if you host your own server?
 How do you know you're secure enough to be on the Internet?
 What do you do if you get disconnected often by your isp?
 Is it possible for too many people to hit your server at once?
 How much does the software cost to run your own server?
 Can you still use your PC for other things with server running?
 What about the operating system?
 Running a website on broadband (dsl, isdn, cable modem, etc.)
 Does the problem of dynamic IP also apply to broadband?
 Are there any isp restrictions on running servers on broadband?
 Besides ZoneAlarm, are there other firewall programs?
 What are cookies, and are they dangerous?

 The programs you will need
 Apache for Win32
 Download Apache
 Configure Apache
 Test Apache
 Add apache to your PATH
 Running apache as a service on Win9x
 Disabling Apache Service
 How to get a static url for your Dynamic IP
 Security
 Firewall: ZoneAlarm
 Installation and Configuration of an IDS

 How to prevent hot-linking to your images
 Ports

What do you do when you need to run a website?

Most often if you want to do it for free, you sign up for an account and let someone else (eg. geocities, tripod, etc) host your pages. But if you can afford to pay, you sign up with a commercial isp (internet service provider).

The majority of free webspace providers will place huge, ugly banners on every page on your site.

It is common knowledge that sometimes the host of your site won't let you upload certain types of files onto their server. So let's say you're a musician and you want to set up a website that will host your music in mp3 format... You're out of luck if your isp won't let you upload mp3 files.

Then what do you do? You look around for another isp that will allow mp3 files. Your new isp may allow mp3s, but have certain other unpleasant restrictions. Some of which are: inadequate disk space for your files, or placing a limit on the size of each file that you can upload. Assuming the filesize limit is 1MB, and you have a file that is 1.2MB in size, you cannot use that particular file on your site.

One of the most desired services by website owners is the ability to run cgi scripts. There are tons of free cgi scripts on the net, but you can't use them to make your site interactive and automated, because your isp doesn't allow you to run cgi.

What if there was a way to take away all of these restrictions?
A way to run any type of file you want?
The freedom of unlimited space?
The freedom of cgi, databases, php, etc?

Well, there is such a way. You can take away all restrictions put in place by isps by running your own website from home. What is more interesting is that you can do this with the computer and Internet connection you have now.

As a home computer user, you connect to the Internet one of two ways: dial-up, or broadband. Let's take a look at each one in turn.



Running a website on a dialup connection

This is the least desirable method. We all know that dialup connections are relatively slow, hence any website you run on this type of connection will be very slow on the Internet. Nevertheless, if you don't anticipate a lot of visitors, or you intend to run only a text based website, without images or media files (big audio, video, etc.), then you can still run your site successfully.


  • Why run a website on a dialup connection, if the site is likely to be slow?

    • Not everyone can afford fast broadband (dsl, cable modem, satellite, etc.) access to the Internet.
    • Some may be living in the boonies where broadband is not yet offered.
    • You may just want to host a text-only site. I remember not too long ago, most guys who ran BBS (bulletin boards), did it on dial-up connections. It worked since they didn't have the whole world logging in at the same time.
    • Although it is not wise to host huge files on a dialup connection, you can still include images and media files on your website. You do this by uploading such files to an external server. You can then link to those files from your site. Although this is a possibility, be aware that some webspace providers frown upon this practice, called hot-linking.


  • Will you have to leave your computer on all the time?

    • Yes. There is no other way for people to connect to your computer and pull your webpages, if your computer is off.
    • If your computer has power management, you can configure it to go into sleep mode when nobody is requesting any pages, then wake up when there is any signal on the serial port (modem).


  • If your computer is on 24/7, does that mean that your phone line will become engaged permanently, and nobody can contact you on the phone?

    • Yes and no. Yes your phone line will be engaged 24/7. However, people can still contact you on the same phone number and leave a voice message. I use a free service by callwave.com to take messages when I'm online. When someone calls you, the call gets forwarded to callwave.com, where the caller can leave you a message. That message is then downloaded immediately. The messages will be stored on your computer and you can listen to them anytime you want.
    • Also, you don't have to log off the Internet to make phone calls. You can use PC-to-Phone calls. Dialpad and Yahoo come to mind for such calls.
    • The ultimate solution will be to get a second phone line if you can afford it.


  • How much will it cost you in electric use each month to leave your computer on 24 hours a day, 7 days a week?

    • The answer to that question depends on where you live, since the cost of electricity can vary widely from place to place.
    • It also depends on whether or not your computer has Power Management configured to save on power use during idle periods.
    • If you really want to know more about this, read my tutorial about calculating electric costs.


  • When you run your site on a dialup connection, how will people be able to contact you (ie. what will your url be)?

    • Usually when you run a website, you have an address like, http://your-domain.com/. When you run your site from home, you can simply use your ip address, like http://128.206.xxx.xxx/.
    • The main issue with dialup is that your IP address is dynamic. Your IP address is your name on the Internet (and is similar to a telephone number) by which other computers around the world know where your computer is. Everyone must have an IP address to communicate on the Internet.
    • There are two types of IP: Static and Dynamic. Dynamic IP means that your IP changes every time you connect to your isp. Click on the link above and read about dynamic ip, including why it is a problem when you want to run a website on it.
    • You can solve the problem of dynamic ip by getting a name for your website such as http://yourname.ath.cx, or http://yourname.dyndns.org.
    • You can even go a step further and register your own domain name, eg. http://www.yourname.com, and then apply it to the website you run from home. I will guide you through the procedures for doing all of these later.


  • Can hackers break into your computer if you host your own web server?


  • How do you know you're secure enough to be on the Internet?


  • What good is running a website on dialup, if you get disconnected by your isp after a few hours?

    • There are free programs you can install that will redial if your connection is ever dropped. I use CiDial for this. I also used DUNCE in the past.
    • Of course, your website will be inaccessible in the brief moment that the redial is going on.


  • Is it possible for too many people to hit your server at once?

    • Yes it is. That will slow down your website so much that you may start to lose visitors. In fact, your computer could crash if too many people log on at once, and your system cannot handle the volume of requests.
    • Fortunately, you can limit the number of people that could be concurrently logged on. Once that limit is reached, anybody who tries to log on will be told that the server is busy.


  • How much does the software cost to run your own server?

    • You will need a web server (I use Apache), IP updater, Redialer, firewall, IDS, Perl interpreter, Internet answering machine, and if you need them - PHP, MySQL, mail server, news server, etc. All of the listed programs are free.
    • The only cost you will encounter will be the electricity bill to run your computer, which will be between $2-$5 per month.
    • But don't forget also that your computer will need to be upgraded or replaced after a few years, since it'll be on most of the time.
    • It is also a good idea to invest in a tape drive for backing up your data for that inevitable day when your hard drive will crash.
    • Since your computer will be running all the time, you won't always be there to shut it down when you get a thunderstorm. As you know, lightning can fry your system completely beyond repair. Hence, it is really important that you invest in a UPS (uninterruptible power supply), which should also serve as a surge protector.


  • Can you still use your computer for other things while your server is running?

    • Sure you can. All that your computer does is carry out instructions. It can't differentiate between instructions from the server and those coming from your keyboard. A computer can handle many instructions at once through multitasking or time-slicing.
    • Note however, that if you're gonna be getting many visitors to your website, your computer should be a dedicated server.
    • Your ultimate goal should be to acquire a real server - one with dual processors for true multi-tasking, scsi everything, possibly RAID hard drives, and of course, lots and lots of RAM. You only need this expensive setup if you're gonna be running a high profile website that'll serve tens of thousands of visitors a day.


  • What about the operating system?

    • Excellent question. You should try to use an OS such as Linux, UNIX, or FreeBSD. Of course, these OS's also have a lot of vulnerabilities, but they are generally more reliable.
    • If you're not familiar with these OS's, use Windows NT/2000. Unfortunately, it is not advisable to use Windows 9x for running a server on the Internet, because it is easily penetrable. Hackers can use your Windows machine for participating in a Denial of Service attack without your knowledge. Windows XP has support for Raw Sockets that makes IP spoofing easy. Spoofed IP means that any malicious "SYN flood" attacks cannot be traced back to the originating machine. These terms may seem foreign to you. Don't worry. You don't need the information to run your web server. But it'd be great if you can educate yourself later about them, which is the reason I'm presenting them to you here.
    • The bottom line is, if you must host your website on a Windows platform, get WinNT or Win2000. If you don't have these yet, don't worry. You can still learn about web hosting by installing everything on Win9x (95/98). Once you have learned how it is done, you can then change to a more secure OS like Win2000.
    • The most common means of break in by hackers is if they find a way to install a backdoor (trojan) on your computer. The hacker will then be able to control your system remotely.
      • To minimize the chance of this happening: do not install software from unknown sources (eg. screen savers, computer games, email attachments, downloads from newsgroups, IRC channels, chat rooms, or websites). Such software could be a virus. I'm sure you've heard of backdoors like Back Orifice and QAZ. My ultimate advice is that if you do download stuff from sites you don't know, be sure to run it through an up-to-date virus scanner before doing anything with it on your computer. There was an incident of a "False Upgrade to Internet Explorer" distributed by email. Such solicitations should be a red flag to anyone. Rather than install what you get in your email, visit Microsoft's website and download from there instead.
      • Keep an antivirus software active, and get the latest updates for it.
      • Validate digital signatures when provided.
      • Do not allow other people besides yourself access to your computer.
      • Install a port sniffer to catch any malicious activities.
      • Keep your firewall active at all times.
      • If your computer is networked, put a password on all shared folders, and make them read-only instead of granting full access. Also, share specific folders only, instead of a whole drive.
      • Exploitation of Unprotected Windows Networking Shares is good reading.

      Remember, a hacker for the most part has no way of installing a virus on your system, unless you're somehow tricked into doing it yourself, or someone else who has physical access to your computer does it. So keep your system under lock and key. You may want to educate yourself about ways to get a virus. Here is a really good place to start learning about the ways to get a worm/virus/trojan. Go through all the navigation at the site - it is well worth your time. The website was developed by the Usenet group alt.comp.virus, and those people really know their stuff. http://claymania.com/safe-hex.html

      You can activate a screen saver whenever you leave your machine. Put a password on that screen saver to lock out internal intruders. You can also lock your keyboard/mouse, as well as disable commands like ctrl-alt-del, so that the user won't be able to do anything on the machine.

    • We often hear of systems being broken into. It's not always due to software flaws. Most of it can be blamed on the lazy system administrator who doesn't apply patches on time; who has weak, easily cracked passwords for access to system resources; who has the wrong permissions on files and folders (eg. ftp); or who allows other people access to the server, etc.
    • Sometimes flaws are detected on certain programs, which a hacker can use to take over your system. A hacker could install a backdoor by using a buffer overflow exploit. An example is the Backdoor.Sadmind, discovered on: May 8, 2001. It affected Solaris machines running Microsoft IIS server. This is the reason why you must keep up with the latest patches as they're released for your platform.

Running a website on broadband connection (dsl, isdn, cable modem, etc.)

Almost all of the advice given about dialup also applies to broadband, with a few exceptions. Since you're on a fast connection, you can host any type of files you want (images, movies, software downloads, etc). Also, you don't have to bother about your phone line, since broadband leaves your line free. You won't need the Redialer either, since you're always connected.


  • Does the problem of dynamic IP also apply to broadband?
    • Yes. If you sign up for a fast connection to the Internet, some isp's may assign you a Static IP address. However, most isp's still assign dynamic ip's.
    • If you're fortunate enough to have a static ip, you can do a lot more at home, eg. host your own name server.


  • Are there any isp restrictions on running servers on broadband?
    • Yes. Some cable modem service providers prohibit their customers from running any type of servers. So be sure to ask before you start setting things up. Unless your isp blocks default ports (eg. 80 for webservers, 21 for ftp, etc.), nothing prevents you from running your server. But the fact is that they scan computers on their network from time to time, and if you're caught running a server, your account may be terminated. And since most broadband providers have a monopoly over geographical areas, if your account is terminated, you may be out of luck getting connected again.
    • DSL and ISDN on the other hand, are specifically meant for small businesses who want to operate their own servers on the Internet. Therefore, if you have the option, get anything but cable modem.
    • Another reason for not getting cable is that you share your line with many of your neighbors, and your data could easily be intercepted and viewed. Also since you share your modem connection with many other people, your connection may be very slow when everybody is actively transferring data.
    • DSL does not have such a problem because your line is solely yours. Your phone line is split into two. One carries data only, and the other will be your normal voice phone line.


  • Besides ZoneAlarm, are there other firewall programs?

    • Here is a list of others:
      Windows: Eavesdropper, guard, Firewalls
      Misery, AtGuard, Norton Internet Security, LOCK down, eSafe, Secure█, SurfinShield, WinRoute, ConSeal, McAfee PFW, NetLab, ZoneAlarm, BlackICE, chopping tracer, NeoWatch, sphinx, GNAT box, Sygate PF, port Detective, Tiny PF, PGP Desktop Security, Gauntlet NT, NetWatcher, NukeNabber, L0phtCrack 3, YOU meter, NetPerSec, XploiterStat, TDImon, HTAstop, Script Sentry, Microsoft ISA, PC viper Script script-Checker, Look 'n' Stop, Norman PF, Privatefirewall, Freedom Internet Privacy, DShield.org, myNetWatchman.


  • What are cookies, and are they dangerous?

    • Cookies are text files containing your personal info placed on your computer by some websites you visit. According to cookie specifications, only the website that placed that cookie can retrieve it.
    • Cookies are often used to track how many times you've visited a particular website. Some websites use it to store info from shopping carts, searches, etc.
    • Cookies often have expiration dates, after which they can no longer be retrieved from your computer.
    • Since only the website that sent the cookie can retrieve it, you're not in danger. However, imagine that someone gains access to your computer. They also get access to your cookie information, hence the need to prevent other people from accessing your machine.
    • Unfortunately, some people use cookies for not so honest activities, which has mainly given cookies a bad name.
      • Some use it to display custom ads to you when you visit websites. A site plants a unique ID cookie on your system. Information about that ID is then sold to advertisers, so that when you visit sites, the ID is read from your computer and used to customize the ads you see. All of this without your knowledge or consent.
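
The rules in the bullets above (a cookie goes back only to the site that set it, and only until it expires) and the reason an advertiser's ID cookie can still follow you across sites, as a small model of the browser's decision. This is an added example, not part of the original article; the hosts under `.example`, the function names and the two sample cookies are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def domain_match(host, cookie_domain):
    """True if host is cookie_domain itself or a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(header, request_host):
    """Parse one Set-Cookie value received from request_host.

    Returns a dict, or None when the browser would refuse the cookie
    because its Domain attribute names a site other than the sender.
    """
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": request_host.lower(),
              "host_only": True, "expires": None}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            cookie["domain"] = val.lstrip(".").lower()
            cookie["host_only"] = False      # subdomains may receive it too
        elif key == "expires":
            cookie["expires"] = parsedate_to_datetime(val)
    if not domain_match(request_host, cookie["domain"]):
        return None
    return cookie


def would_send(cookie, host, now):
    """Would the browser attach this cookie to a request for host at time now?"""
    if cookie["expires"] is not None and now >= cookie["expires"]:
        return False
    if cookie["host_only"]:
        return host.lower() == cookie["domain"]
    return domain_match(host, cookie["domain"])


def cookies_sent(jar, page_host, embedded_hosts, now):
    """Map every host contacted while loading a page to the cookie names sent.

    embedded_hosts are the servers of images or banners the page pulls in;
    each of those requests carries that server's own cookies.
    """
    return {host: [c["name"] for c in jar if would_send(c, host, now)]
            for host in [page_host, *embedded_hosts]}


# Constructed sample: a shop's cart cookie and an ad server's ID cookie.
JAR = [
    store_cookie("cart=item42; Expires=Wed, 01 Jan 2003 00:00:00 GMT",
                 "shop.example"),
    store_cookie("uid=7f3a; Domain=ads.example; "
                 "Expires=Fri, 01 Jan 2010 00:00:00 GMT", "img.ads.example"),
]
NOW = datetime(2002, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for page in ("shop.example", "news.example"):
        print(page, cookies_sent(JAR, page, ["img.ads.example"], NOW))
```

The shop's cookie never reaches news.example, but the ad server receives the same `uid` on both pages because both embed its banner, which is the tracking described in the last bullet.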

Installation & Configuration of web applications

With that background information, let's now take a look at the actual installation and configuration of the servers.

The following are the programs you will need:

Apache for Win32

Installation on Win95: You will need

Installation on Win98: You will need
  • MSI installer
  • DCOM98. Actually, Win98 comes with DCOM, so you may skip downloading it. But it never hurts to upgrade.
These programs are easy to install. Just download them and double click to install. Then Reboot your machine when asked to. If you're planning to install apache on Win95/98, you will need "MSI installer" (It is already installed in Windows ME and Windows 2000). Download it from here: http://download.microsoft.com/download/platformsdk/wininst/1.1/NT4/EN-US/InstMsi.exe
  • Double click on the file to install it.
  • If your connection to the Internet is through dial-up, then you already have WinSock2 TCP/IP networking installed. This is required in order to install apache.

The next step is to download Apache.

  • Follow this link, http://httpd.apache.org/dist/, then click on the link for a nearby mirror.
  • You can also go to the mirror page directly, http://www.apache.org/dyn/closer.cgi
  • Click on a download site closest to you.
  • Click on httpd
  • Click on binaries
  • Click on Win32
  • Download the msi file. There should be two of them, one is smaller in size. The smaller sized file does not contain the source. If you're not planning to see the source code, ie. the programming code, it is the smaller file you want to get.
  • Once the file has been downloaded, first make sure you're connected to the Internet (apache needs you to be online, in order to determine that TCP/IP is installed).
  • Double click on the apache file to begin installation. Accept the default installation location of C:\Program Files\Apache Group\Apache\, unless you have a reason to change it. If you do change it, remember the new location. The installation should be quick and painless.

Configuring Apache

The Apache server is controlled by the information contained in a file called httpd.conf. This file is located at c:/Program Files/Apache Group/Apache/Conf.

  • Open Notepad. Then use it to open c:/Program Files/Apache Group/Apache/Conf/httpd.conf
  • Search for the line

    #ServerName new.host.name

    and replace it with

    ServerName localhost

    Then save the text file, and close Notepad.

Testing Apache

Now we want to test to see if our installation was successful.

  • Click on Start / Programs / Apache httpd Server / Start Apache in console. You should see a DOS window open up that says Apache/x.x.xx (Win32) running...

  • Now open up your web browser. In the address window, type http://localhost/

    If you get a page that says Apache is now installed, then congratulations, you're done.

  • Now just put all your html and image files in
    c:\Program Files\Apache Group\Apache\htdocs and you're done.
  • If you didn't get such a message, then read some likely causes below.

    First type the following into your browser http://127.0.0.1/ If that brings up the page, then the problem is with your HOSTS file. To solve this, Start / Find, then type host* and press Enter. One of the results should be something like Hosts.sam. Double click on it and open with Notepad. Add this line to the bottom of the file

    127.0.0.1 localhost

    Now restart Apache server. You can tell a running Apache to restart by opening another console window and running:

    cd "C:\Program Files\Apache Group\Apache"
    apache -k restart

    Adding apache to your path

    The following info is optional, but if you don't want to have to type the full path to apache each time, you can add the apache directory to the PATH in your AUTOEXEC.BAT file. To do that:

    Start / Run. Type sysedit and press Enter. A window will open up with several windows inside it.

    Click on the window that says Autoexec.bat.

    You should find a line that begins with PATH (if not, see below). Put a semi colon at the end of the line, then type C:\PROGRA~1\APACHE~1\APACHE.

    For instance, let's say you currently have PATH C:\WINDOWS

    Your new line will now read PATH C:\WINDOWS;C:\PROGRA~1\APACHE~1\APACHE.

    Save it and close sysedit. To make the path update take effect, execute the following

    c:\autoexec.bat

    To find out the current PATH to see if it took effect, type:

    path

    Now, the next time you need to issue the "apache" command, you don't have to type in the full path. Eg. you can type our earlier restart command as

    apache -k restart

    Other console commands are

    apache -k start
    apache -k shutdown
    apache -k stop

What if your autoexec.bat does not contain PATH? In that case, add it yourself, and close sysedit.

PATH C:\PROGRA~1\APACHE~1\APACHE

Finally, click on START/PROGRAMS/ACCESSORIES/SYSTEM TOOLS/SYSTEM INFORMATION.

On the window that pops up, click on TOOLS/SYSTEM CONFIGURATION UTILITY.

Under the General tab, make sure there is a check mark in "Process autoexec.bat file". Click OK.

Running apache as a service on Win9x

So far you have apache working in console mode, ie. when you start apache, a dos window opens up and stays up. But what if you want apache to run in the background without the dos window showing? To do that, you need to run apache as a Service.

The first step is to install the service. On Win9x

  • Close apache server, if it's running.
  • Open a dos console
  • Change to your apache installation directory, e.g. c:\program files\apache group\apache
  • Issue the command

    apache.exe -i

  • Press Enter. The -i stands for install.
Once the service is installed, you should test it with

apache -n apache -t

If everything is ok, start apache with

apache -k start -n apache

You should see a dos window flash for a second, and then disappear. If so, congratulations. Your installation was successful! Now apache is running in the background, but only you know about it.

If there was a problem, and the service install didn't work, try this instead

apache -k install

Uninstalling Apache as a service

Just issue the command

apache -u -n apache

The next time you start apache, it will start and the dos window will stay up.

If the uninstallation didn't work, try

apache -k uninstall

Temporarily disabling apache service

If for some reason you don't want apache to run at startup time, but you don't want to uninstall the service, you can disable it temporarily.

Click on Start/Run
Type msconfig
Under the Startup tab, look for Apache
Remove the check mark next to it. Click on OK. You may be asked to restart your computer. Do so.

Whenever you're ready to restore the apache service, just put the check mark back, and restart.

Read all about running apache as a service in the manual at http://localhost/manual/windows.html. The manual will also provide you with tons of info about apache. Don't be lazy, read all the documentation over time.

That is all I'm gonna share with you about apache installation and configuration. Read the following articles I've written to further your knowledge.

  • Configuring virtual host on apache: This tutorial will teach you how to configure urls to look like http://department.domain.com, instead of http://domain.com/department.

  • How to setup cgi on Apache installed on Win32 platform: Of course, you will want to run cgi scripts on your server. Most cgi scripts are written in the programming language PERL. So to run cgi, you have to install a program that can interpret perl scripts. This is a complete step-by-step tutorial on installation and configuration of free Active State Perl.

    In my case, I don't run any cgi scripts. I use PHP instead. I write my own PHP scripts to make my site interactive. Nothing stops you from using both cgi and php scripts together on the same site. What you do is entirely up to you. Some people may prefer cgi to php, since there are more free cgi scripts on the Internet than you will find for PHP.

  • A good site to visit for getting the maximum performance from your Apache server is http://www.apacheweek.com/

How to get a static url for your Dynamic IP

We sort of touched on the issue of IP address earlier, and what problems it poses when it is dynamic. The problem of dynamic ip can be solved quite easily by getting a name for your site. Read this tutorial to learn how.

What is your url when you're on a static ip address?

If you're fortunate enough to have a static ip, you can simply run your site as http://your-ip/. Eg. let's say your ip address is 128.206.33.156. People can access your site as http://128.206.33.156/.

However, you can still get a name for your site, even with a static ip. Read this tutorial to learn how. Your name will be something like http://yourname.dyns.cx/.

What if you want to register your own domain name?

You can register your own domain name, such as http://www.yourname.com, and apply it to the site you run from home. To do this, you will need to run two Name Servers - Primary and Secondary. If you want to do this yourself, it means you must have two static ip addresses. A single static ip is a luxury for most of us, let alone two. So instead of running your own name servers, you can register your domain name, then delegate it to a free domain name service (DNS) provided by http://www.granitecanyon.com/. Later, we'll look at how this is done.

Is this only possible for those with static ip addresses?

Good question. You can register your own domain name, even if you're on a dynamic ip. To get that name to work with a dynamic ip, you will define a CNAME (canonical name) in your Resource Records, through the dynamic dns service, and all traffic will be directed to your home computer. First, let's look at how to set up a domain name on a static ip address. Then we'll look at how it's done with dynamic ip.

Step 1

Register a Domain Name

You can register a domain name through different registrars now. In the past, all domain name registrations were through the InterNIC, and typically cost $70 for 2 yrs. Competition has brought the price down to our advantage. See this page for a list of registrars and how much they charge. http://www.topregistrars.com/prices.html.

Besides the traditional .com, .net, .org, and .edu top level domains, you can also register domain names by country code. A list of such country codes can be found at http://www.ccRegistrars.com/countries.html. For example, you can register a domain name with the Christmas Island registrar and get a domain name like http://www.yourname.cx.

Another alternative is to register a domain name under the .us domain. These domain names are offered free of charge to businesses and individuals resident in the USA. The general address format is http://yourname.city.state.us. For example, http://flowers.los-angeles.ca.us.

OK. To learn more, visit http://www.ustld.com/

Once you've decided on what name you want, go to the registrar's homepage. The first thing you want to do is a Whois query to see if your name is still available (someone may have taken that name).

After choosing a name, you now go ahead and register it. You will be asked for your Primary DNS and Secondary DNS names. Since we will be using granitecanyon.com for both primary and secondary dns, enter the following info:

primary DNS name: ns1.granitecanyon.com, host NIC handle: NS21039-HST, IP address: 205.166.226.38
secondary DNS name: ns2.granitecanyon.com, host NIC handle: NS21040-HST, IP address: 209.166.62.198

Step 2

Go to www.granitecanyon.com to create your Resource Records (RR).

Click on Create primary DNS.

  • Under Domain/Zone, type the domain name you registered above, eg. sabyo.com.
  • Complete the two password fields and click the Login button. You will need to remember this password the next time you want to edit your entries.

  • The RR has two sections: SOA (start of authority) and RR. Under SOA, you will be asked for your email address to which messages can be sent. Usually you will have to send such messages back for verification.

  • The RR section has the information that is needed to direct all Internet traffic for your domain name to the ip address you provide. So assume your home computer has the static ip address 128.206.16.157, and your domain name is sabyo.com. Anytime someone requests http://www.sabyo.com, the request will be directed to the granitecanyon.com DNS server, which will in turn forward it to 128.206.16.157. Anytime your ip changes, all you need to do is edit your RR at granitecanyon, and traffic will be directed to the new ip address.
    
    ; Name Servers
    yourdomainname.com. IN NS ns1.granitecanyon.com. 
    yourdomainname.com. IN NS ns2.granitecanyon.com. 
    ; email address 
    yourdomainname.com. IN RP x.x.com. x.yourdomainname.com. 
    ; textual representation
    x.yourdomainname.com. IN TXT "X" 
    ; A Records, name-to-address mapping
    localhost.yourdomainname.com. IN A 127.0.0.1 
    yourdomainname.com. IN A 1.2.3.4 
    ; alias records
    www.yourdomainname.com. IN CNAME yourdomainname.com. 
    
    Everywhere you see yourdomainname.com above, replace it with the domain name you registered. Let's say you registered exoticonline.com; you will replace every occurrence of yourdomainname.com above with exoticonline.com.

    Just as a matter of interest, IN NS means Internet Name Server. Leave the name servers as is in the above configuration.

    Under email address, you need to change x.x.com to whatever your email address is. The RP means Responsible Person. Usually your email will be in the format yourname@domain.com. But when entering this email address into your RR records, you replace the @ with a dot. So the example email address above becomes yourname.domain.com. You can have several RP entries here. That way, other trusted people, besides you, can update the RR records in future.

    Note: Be sure you include all dots as shown in the RR records. If you omit any of them, you will receive an error when the form is submitted.

    Under textual representation, you can include any text you want, and any emails you receive from granitecanyon will be accompanied by the text you enter here. This part is really not crucial to get the name working. For an example of what text to put here, click on the "Example" button beneath the textarea.

    The A records define all name to address mappings. 127.0.0.1 is the loopback address on your local machine. Localhost always maps to this address, and is used mainly for testing on your machine. The next line has the address 1.2.3.4. Replace this with your static IP address for your machine. This will be the ip address to which all traffic for your site will be directed. You cannot use a Dynamic IP address here. It must be a static IP.

    Alias Records let you give other names to names you will be using. For example, you are using the names: jake.yourdomainname.com, user-accounts.yourdomainname.com, complete-manual.yourdomainname.com. You can define aliases, also called Canonical Names (CNAME), for these three names as follows:

    j.yourdomainname.com. IN CNAME jake.yourdomainname.com.
    u.yourdomainname.com. IN CNAME user-accounts.yourdomainname.com.
    cm.yourdomainname.com. IN CNAME complete-manual.yourdomainname.com.

    j, u, and cm can be anything you want. Whenever somebody requests the address http://j.yourdomainname.com/, they will be taken to http://jake.yourdomainname.com/.

    You can go further and configure MX (mail exchanger) records, which will allow you to receive email directly at home, on your domain name. But this is not a tutorial on DNS, so I'm not gonna go into too much detail. See the example file for how to configure MX records. Basically, you run an SMTP server on your machine that will accept mail for you. You also need another domain that will accept your mail, just in case your machine at home goes down. Each MX record you specify carries a preference number that indicates its priority. The MX records with lower numbers are tried first for delivery of mail.

    Before you go to the trouble of configuring MX records, you should ask your isp if they have port 25 open. If this port is blocked, you cannot receive mail at home.

    Here is an example of an MX record

    somename.yourdomainname.com. IN MX 10 relay.hp.com.

    This specifies that relay.hp.com is a mail exchanger for somename.yourdomainname.com at preference value 10.

    Once you've entered all the data, double check to make sure everything is correct, then click on Send.

    If there are no errors in your RR entries, you will receive emails that will tell you what to do next. After that, your domain name should start working in a matter of a day.

    So there you have it. Now you have enough knowledge to set up your own domain name to work with a site you run from home.
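The note above about including every dot is easy to get wrong by hand. As an added example (not part of the original tutorial and not a granitecanyon tool), this Python check reads RR lines in the `name IN type data` layout shown above, reports missing trailing dots and malformed A records, and converts an email address to RP form; the function names and the sample records are constructed for illustration.

```python
import ipaddress

# Record types whose data fields are domain names and must end with a dot.
# The numbers are positions in the data part (MX data is "preference target").
NAME_FIELDS = {"NS": [0], "CNAME": [0], "RP": [0, 1], "MX": [1]}

def email_to_rp(email):
    """Turn yourname@domain.com into the RP mailbox form yourname.domain.com.
    A dot inside the local part would need escaping; that is not handled here."""
    local, _, domain = email.partition("@")
    if not local or not domain:
        raise ValueError("not an email address: %r" % email)
    return "%s.%s." % (local, domain.rstrip("."))

def check_records(text):
    """Return a list of (line_number, problem) for the RR text."""
    problems = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()      # drop comments such as ;EXTREF
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            problems.append((number, "expected: name IN type data"))
            continue
        owner, rtype, data = fields[0], fields[2].upper(), fields[3:]
        if not owner.endswith("."):
            problems.append((number, "owner name %s lacks trailing dot" % owner))
        for index in NAME_FIELDS.get(rtype, []):
            if index >= len(data):
                problems.append((number, "%s record is missing a field" % rtype))
            elif not data[index].endswith("."):
                problems.append((number, "%s target %s lacks trailing dot" % (rtype, data[index])))
        if rtype == "A":
            try:
                ipaddress.IPv4Address(data[0])
            except ValueError:
                problems.append((number, "A record data %s is not an IPv4 address" % data[0]))
    return problems

# Constructed sample: lines 3 and 4 contain deliberate mistakes.
SAMPLE = """\
; Name Servers
exoticonline.com. IN NS ns1.granitecanyon.com.
www.exoticonline.com IN CNAME exoticonline.com.
mail.exoticonline.com. IN MX 10 relay.hp.com
exoticonline.com. IN A 1.2.3.4
"""

if __name__ == "__main__":
    print(email_to_rp("yourname@domain.com"))
    for number, problem in check_records(SAMPLE):
        print("line %d: %s" % (number, problem))
```
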

Can you use your own domain name on a Dynamic IP?

That is possible. You will need to do it through Dynamic DNS Service. We have already looked at how to get a name like http://yourname.dyns.cx/ for your dynamic ip address. Once you have the name, all you need to do to get it to work with your own domain name, such as http://www.yourdomainname.com/, is to go through the same process above with granitecanyon.com. You must include the same SOA, RP, A, and CNAME records. Then in addition, you should add another cname to the bottom, so that the final result will look like this:


yourdomainname.com. IN NS ns1.granitecanyon.com. 
yourdomainname.com. IN NS ns2.granitecanyon.com. 
yourdomainname.com. IN RP x.x.com. x.yourdomainname.com. 
x.yourdomainname.com. IN TXT "X" 
localhost.yourdomainname.com. IN A 127.0.0.1 
yourdomainname.com. IN A 1.2.3.4 
www.yourdomainname.com. IN CNAME yourdomainname.com. 
yourdomainname.com. IN CNAME yourname.dyns.cx. ;EXTREF

Did you notice the new line we added at the bottom? What you're saying basically is that you want yourdomainname.com to be an alias for yourname.dyns.cx. The ;EXTREF is a way to tell the dynamic dns guys to use an external reference.

Good luck!

Security

Security is not just the concern of those running servers on the Internet. Any computer at all that is connected to the Internet is vulnerable one way or another. In my intro, I dug deep into some of the security issues you should be aware of, and also offered advice on how to protect yourself.

Now we're going to look at two security measures: firewall and IDS.

Firewall

How does it work?

When first installed, it shuts out Internet access to all applications on your computer. No program can access the Internet. From that point on, you have to specifically grant permission to a program before it can access the Internet.

Let's assume that you have spyware installed that monitors some data on your system, eg. monitors where you surf, then sends data back to the creator of that program. A good firewall will prevent that spyware from sending any data from your computer, unless you specifically grant permission. Of course, you wouldn't grant permission to just any program to access the net, until you're certain what that program is going online for.

The firewall I use is ZoneAlarm. There's a free version with enough features to make it effective. The Pro version has a lot more features for better protection of your system.

Let's look at another example of how a firewall protects your system. Assume that somehow a trojan gets installed on your computer. The trojan at some point will need to access the Internet. As soon as it tries to do so, ZoneAlarm will block that attempt, and pop up a message on your screen asking you if you want to allow the trojan access to the Internet. If you don't recognize the program and what it does, the natural answer will be no (deny access). Once you find out the program is a trojan, the next step will be to remove it from your system.

That is how firewalls work. Firewalls have many more functions that you can find out for yourself by reading the documentation.

Download and installation of ZoneAlarm.

  • Visit http://www.zonelabs.com and download the free version of ZoneAlarm.
  • Double click on it to install it like any other Windows file.

Configuration of ZoneAlarm

After installation, no program on your computer will be able to access the Internet. Even your web browser will be denied access. As soon as any program tries to connect to the Internet, ZoneAlarm will alert you with a pop up window, asking if you want to allow the program access. If it's a program you know and trust, eg. your web browser, you will say yes.

You can say yes, and if you don't want ZoneAlarm to ask you about that program any longer, just check the box that says to remember that answer. Do the same for applications you want to deny access to the Internet. Just say no when ZoneAlarm prompts you.

There's a lot more to know about configuring ZoneAlarm. Open the following file, and go through the tutorial - C:\Program Files\Zone Labs\ZoneAlarm\Help\ZoneAlarm_Help.htm.

Installation and Configuration of an IDS

Rather than write my own guide on IDS (Intrusion Detection System), I've decided to provide you with one that I think is complete and clear enough to understand. There are many IDS programs, but the one I use is SNORT. Follow this link and get it installed on your system: http://www.snort.org/snarf2ksnort.htm. Find other documentation at http://www.snort.org/

As I mentioned before, make sure you have a strong AV (anti-virus software) installed on your system. Let the AV scan your entire system at least once a week. Also, use AV that automatically downloads and installs its own updates. My AV has an auto-protection feature that is always active. Nothing gets installed or changed on my system, unless I grant permission. Let's see where we are so far:

  • Your connection to the Internet allows you to send and receive information.
  • Through that connection, people around the world can log onto your computer and request webpages.
  • Apache web server answers all requests for web activities.
  • Interactivity on your site will be handled by cgi, for which we've installed Active State PERL.
  • The name for your website is handled by Dynamic DNS, or you can register your own domain name.
  • A firewall, anti-virus software, and IDS provide security against attackers.
  • You now know ways to protect yourself against people who have physical access to your machine.

    Now let's move on to the more advanced, and totally optional topics. You can install PHP, MySQL, MOD_SSL.

    You can do some wonderful things on your website by running a database. I use MySQL.

    PHP is a scripting language that allows you to add incredible interactivity to your website. This bad boy works so well together with mysql, or any other database application. PHP isn't too difficult to learn. In no time at all, you would be doing things on your website you never dreamed possible on your own. Basically, anything that cgi can do, php will do it also.

    MOD_SSL is a module for the secure sockets layer. In short, it lets you provide secure data transfer. So for instance if you want to set up an online store and take personal info from your visitors, you will have more credibility in the eyes of your users if you provide a secure means of transferring that info.

    To use MOD_SSL, you will also need OPEN_SSL, and RSARef.

    All of the above software is free, and can be downloaded from the Internet.

    I will write a separate tutorial on the setup and configuration of php, mysql, and ssl.

    For now, take a look at my intro to PHP, and MySQL.

    Learn more about apache by reading the Manual

    Get a free AntiVirus program from http://www.grisoft.com/ with monthly updates.

How to prevent hot-linking to your images.

Using the Apache <Directory> </Directory> directive in conjunction with .htaccess file, you can restrict access to any directory on your machine.

I wrote a separate two-part tutorial about this topic.

To prevent access to your images, you simply create a separate directory for all your images. To prevent access to this directory by anyone outside 'domain.com', you could use

<Directory /images/>
  order deny,allow
  deny from all
  allow from .domain.com
</Directory>

Note the dot in front of the domain.com. For instance, if your domain is sabyo.dyns.cx, the directive will be

<Directory /images/>
  order deny,allow
  deny from all
  allow from .sabyo.dyns.cx
</Directory>

Here is a practical example. I needed to prevent hotlinking to images on my site. The images include gif, jpg, jpeg, and png formats under the documents directory. My documents directory is c:\apache\htdocs. So, inside my apache httpd.conf file, I added the following:

<Directory "c:/apache/htdocs">
  <Files ~ "\.(gif|jpe?g|png)$">
    order deny,allow
    deny from all
    allow from .dyns.cx
  </Files>
</Directory>

Note how I used c:/apache/htdocs, instead of c:\apache\htdocs. Forward slashes are required under win32.

What is the meaning of the line

<Files ~ "\.(gif|jpe?g|png)$"> ?

It's simple: we've used regular expressions to describe the files we don't want hotlinking to. Basically, it says under the directory c:/apache/htdocs, disallow hotlinking to any filename that ends in gif, jpg, jpeg, or png. If you don't yet know regular expressions, find a good article now and familiarize yourself with them. It's inevitable. I elaborated a bit on it in my tutorial on .htaccess (see below).

Save your httpd.conf file, then restart apache for the changes to take effect. Read the following to learn about .htaccess: htaccess user authentication
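Apache matches `allow from` followed by a domain name against the hostname it resolves for the requesting client's address, so it is worth seeing which requests the block above actually admits. The following Python model is an added example (not from the original tutorial and not Apache's own code); the function names and the request list are constructed, and the model covers only the `<Files>` pattern and the `order deny,allow` rules shown above.

```python
import re

IMAGE_FILES = re.compile(r"\.(gif|jpe?g|png)$")   # the <Files ~ ...> pattern from the page

def in_domain(pattern, hostname):
    """Partial-domain match: the hostname equals the pattern or ends with it
    on a label boundary, so 'dyns.cx' does not match 'notdyns.cx'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not hostname.endswith(pattern):
        return False
    rest = hostname[: len(hostname) - len(pattern)]
    return rest == "" or pattern.startswith(".") or rest.endswith(".")

def is_served(filename, client_hostname, allow_from=".dyns.cx"):
    """Model of: order deny,allow / deny from all / allow from <allow_from>,
    applied only to files matching IMAGE_FILES."""
    if not IMAGE_FILES.search(filename):
        return True                      # the <Files> section does not apply
    # With order deny,allow an Allow match overrides "deny from all".
    return in_domain(allow_from, client_hostname)

# Constructed requests: (file, client hostname as resolved by the server, Referer)
REQUESTS = [
    ("logo.gif",   "sabyo.dyns.cx",       "http://sabyo.dyns.cx/index.html"),
    ("logo.gif",   "dial-12.example.net", "http://sabyo.dyns.cx/index.html"),
    ("photo.jpeg", "sabyo.dyns.cx",       "http://other-site.example/page.html"),
    ("index.html", "dial-12.example.net", ""),
]

def decisions():
    # The Referer column is carried along only to show that it plays no part.
    return [is_served(name, host) for name, host, _referer in REQUESTS]

if __name__ == "__main__":
    for (name, host, referer), served in zip(REQUESTS, decisions()):
        print("%-10s %-20s %-38s %s" % (name, host, referer, "served" if served else "denied"))
```

The second and third rows differ only in who is asking, not in which page embeds the image. To key the decision on the embedding page instead, Apache's mod_setenvif can set a variable from the Referer header and `allow from env=` can test it.
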


A short discussion about ports

The whole problem associated with being online boils down to one thing: data transfer. Whether you're using icq, running apache server, downloading something from the web, infected with a trojan horse, etc, each activity is happening through its own unique open port on your machine.

Hence, it would be nice to know what ports are being used to move data in and out of your machine.

To find out, open a DOS window, cd to c:\windows. Type

netstat -an

If the ports are so many that part of it runs off the screen, try this

netstat -an > c:\windows\desktop\1.txt

This will output the result to a text file 1.txt on your desktop. So open 1.txt.

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.

The Well Known Ports are those from 0 through 1023.

The Registered Ports are those from 1024 through 49151.

The Dynamic and/or Private Ports are those from 49152 through 65535

You now need to see what is running on each port. Some viruses are known to run on certain high-numbered ports, eg. trojan/wincrash/nds-sso runs on port 3024; the popular SubSeven and QAZ trojans run on 7215 and 7597 respectively.

You should get a list of active ports on your system.

Viruses, just like system services, use ports. Look at the ports that are listening from the results of netstat.

53 (User Datagram Protocol [UDP]) - Domain Name System (DNS).

88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication.

123 (TCP) - Windows Time Synchronization Protocol (NTP). Note that this is not necessary for Windows 2000 logon capability, but may be configured or required by the network administrator.

135 (TCP) - EndPointMapper.

389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).

445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.

3268 (TCP) - LDAP to global catalog servers.

One port for the Active Directory logon and directory replication interface (universally unique identifiers [UUIDs] 12345678-1234-abcd-ef00-01234567cffb and e3514235-4b06-11d1-ab04-00c04fc2dcd2), which is typically assigned port 1025 or 1026 during startup. This value is not set in the DSProxy or System attendant (MAD) source code, so you need to map the port in the registry and then open the port on the firewall.

If this url http://securityportal.com/firewalls/ports/ports1to500.html is still available, use it to get the full list of ports.
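Reading a long netstat listing by eye is error-prone, so here is an added example (not part of the original tutorial) that parses saved `netstat -an` output such as 1.txt, keeps only listening ports, and labels each one with its range and whether you expected it. The sample output is constructed, the expected-port set is an assumption about a machine running only Apache, and the three trojan ports are the ones named above.

```python
# Assumption: on this machine only Apache (TCP 80) is meant to accept connections.
EXPECTED = {("TCP", 80)}
# Ports the page names as used by trojans; a match is a lead to follow up, not proof.
NAMED_ON_PAGE = {3024: "WinCrash", 7215: "SubSeven", 7597: "QAZ"}

def port_range(port):
    """Classify a port into the three ranges given on the page."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def listening_ports(netstat_text):
    """Return sorted (proto, port) pairs for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue                      # established or closing connection
        found.add((fields[0], int(fields[1].rsplit(":", 1)[1])))
    return sorted(found)

def review(netstat_text):
    """Label every listening port as expected, named on the page, or unexpected."""
    rows = []
    for proto, port in listening_ports(netstat_text):
        if (proto, port) in EXPECTED:
            note = "expected"
        elif port in NAMED_ON_PAGE:
            note = "page lists this port for " + NAMED_ON_PAGE[port]
        else:
            note = "unexpected, find the owning program"
        rows.append((proto, port, port_range(port), note))
    return rows

# Constructed sample in the layout printed by "netstat -an" on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7597           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1043       203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

if __name__ == "__main__":
    for row in review(SAMPLE):
        print("%-4s %-6d %-16s %s" % row)
```
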


Caution!

Apache and Windows 95/98 offer no support for running the Apache service as a specific user with network privileges. In fact, Windows 95/98 offers no security on the local machine, either. This is the simple reason that the Apache Software Foundation never endorses the use of Windows 95/98 as a public httpd server.

These facilities exist only to assist the user in developing web content and learning the Apache server, and perhaps as an intranet server on a secured, private network.


This tutorial is still under development, just like numerous other projects I have. I often give priority to those projects that people send me feedback on.




Send me feedback on this tutorial, so I can improve on it. Thanks.



Copyright © 2001-2002 Richie's Tutorials All rights reserved.
Richard Akindele
Certified Computer Technician.