For many of us who work online, the tool that we use the most is our very own server. We use a lot of tools throughout the day, but probably none more so than our server. Some of us create the file we are working on locally and then put it on the server. But many of us create the file on the server itself and then use it right away. We use the server as a second computer, and it helps us get our work done a lot quicker. This is especially true for people who use the combination of Linux plus Apache.
But while the server can be very helpful when it comes to getting our work done, there can be security implications as well. Our servers can give the bad guys secrets about ourselves that we never wanted them to know. Some of these secrets leak because of how we set the server up, and some leak because of weaknesses in the server software and how it was made. If you are going to make a living creating web pages or server-side software, you should get used to these security issues and learn how to stop them. If you do not, you will find that this is something that plagues you for a very long time.
First of all, having a server means that you are giving people partial access to the computer where the server software is stored. Even partial access allows them to get a foot in the door. For example, when you let someone visit your web page, it is just like letting them onto the front porch of your house. If you are not careful, they will find a way to step into the house without you knowing, and holes in your server software can allow that to happen. So if you want to stop that from happening, learn the security weaknesses in your server software and get in front of the problem.
But there are also some security issues that the server just likes to yell out to the public. Some of these problems were at one point considered a feature. Now they are just a problem that has to be dealt with. For example, there is a setting in the Apache server setup that allows you to show server status on a normal web page. Whenever you want to know the status of your server, you just visit this page and it will show it to you. The problem is that it will show your server status to everyone else as well. This page is public, and both the good guys and the bad guys are able to see it. The page shows information such as the process ID, the CPU time for the pages to come up and the IP address of the people who visited the page. While most of this information is not important by itself, a black hat hacker who knows what they are doing can put it together to cause problems.
So if you want to be safe you have to be sure that problems like this do not happen. You do not want the public to know anything about your server except the pages that it serves them. The less the general public knows about your page the safer you will be.
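One way to check your own configuration for the public status page described above, as an added example that is not part of the original article: the script scans Apache 2.4 style configuration text for `<Location>` blocks that enable the `server-status` handler and flags those that are not restricted by a `Require` directive. The sample configurations, the address 192.0.2.10 and the function name `audit_status_exposure` are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the article).
EXPOSED = """
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>
"""

RESTRICTED = """
<Location "/server-status">
    SetHandler server-status
    # Only the machine itself and one admin workstation may look.
    Require local
    Require ip 192.0.2.10
</Location>
"""

LOCATION_RE = re.compile(
    r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>',
    re.IGNORECASE | re.DOTALL,
)

def audit_status_exposure(config_text):
    """Return [(path, reason)] for status handlers that anyone can read."""
    findings = []
    for path, body in LOCATION_RE.findall(config_text):
        # Ignore blank lines and comment lines inside the block.
        lines = [l.strip() for l in body.splitlines()]
        lines = [l for l in lines if l and not l.startswith("#")]
        if not any(re.fullmatch(r"SetHandler\s+server-status", l, re.I)
                   for l in lines):
            continue  # this block does not serve the status page
        requires = [m.group(1).lower().split() for l in lines
                    if (m := re.match(r"Require\s+(.+)", l, re.I))]
        if not requires:
            findings.append((path, "no Require directive in this block"))
        elif ["all", "granted"] in requires:
            # Sibling Require lines are OR-ed, so this one opens the page.
            findings.append((path, "Require all granted"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("restricted", RESTRICTED)):
        print(name, audit_status_exposure(cfg) or "status page is restricted")
```

A block flagged for having no `Require` directive may still inherit a restriction from an enclosing scope, so treat that finding as a prompt to read the surrounding configuration.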
photo: Teneo Tech