any 100% secure web server?

[baskins]

I'm well aware that not just a web server, but a computer, can't be 100% secure..

Even if it's disconnected from the internet, it's not 100% secure.

But the subject of my post, had that about 100% secure.. And I can't change that. The rest of what I wrote did explain further.

Including the facts I just wrote above. So really no need for people to keep bringing it up again and again. Indeed, most people that talk of a 100% secure computer, are the kind of people that don't know binary.. I mentioned it once in the subject, and if I could change that subject to remove that, I would.


I am actually well aware of setting up a web server and configuring a firewall to the basic level of detail that has been suggested. I've done it myself before. I didn't have any problems doing so..

It'd be good to have a more advanced firewall that would let me restrict things at the HTTP level.. Though that wasn't anybody's suggestion other than my own. And it'd be good to have had more insight into the security issues.. though I haven't had it this time..

aprelium, looks interesting.. I hadn't heard of it..though i'm not too fussed whether I go with that or a more well known name like apache...

jack- I would consider the hiring option if the company give good access to the server log.. i've made an enquiry..

 

[JackMDS]

jack- I would consider the hiring option if the company give good access to the server log.. i've made an enquiry..

The server uses Direct Admin.

The stats are excellent, and log records every hit on the site giving you the url and timeof the hit, detailing every page/object that the Visitor looked at.

This is the support site of the appliance, http://www.site-helper.com/stats.html

The logs are under the control of the site's admin/owner.

 

[imagoon]

That while you're not sure whether a program would have an infinite number of variables.. You think that there are a huge number of "combinations of variables" that it is impossible to test to ensure no buffer overflows. Very good, A star. Creative thinking.

Now, if you read the above, you might realise that you were being silly..

I don't think you have the foggiest idea what a variable is.. imagoon may well have some idea.. But you probably have less. How many variables have you ever defined?

If you think I was talking about defining variables inside C# or ASM then your definitely limiting your scope.

Variables can be anything (esp with a program):

CPU type: Variable
network card: variable
OS: Variable
LIB and Includes: Variable

There are tons more. Even if you wrote a 'hypothetically perfect' program that couldn't overflow, what about LIBc? What about your CPU? What about the baseboard management system it sits on?

I mean people have already overflowed NIC cards to grant root access to systems, as well as common routines running in LIBc. Some of the biggest devs building Apache and IIS can't even tell you how certain patches are going to interact, let alone even have the foggiest idea on how to test them properly.

'Variable' is an exponential equation, every additional one = double the work. Do this over a few thousand variables, programming or otherwise.

 

[robmurphy]

The answer to this problem would appear "simples". The OP knows so much about coding and software testing they can write an simple application to parse all the web server input. The OP can then test the web server for all of this input, and can confirm for themselves no buffer overflow occurs. As the application would be coded by the OP they could make sure there is no code that can generate buffer overflows. In my experience in C this is not difficult, its down to how the code is written and how "defensive" it is. Checkout how lazy the C compilers are and it might give a clue.

One other point. No large computer system is ever completely free from faults, that's a fact not opinion.

Rob.

 

[baskins]

that looks good jack, thanks..

Are you saying web hosting company dixisys.com uses directadmin..GUI access to their web server? it looks good..a good deal. and good logs.

imagoon.. interesting examples there.. I could imagine how perhaps some of those , are not that easily avoided by the programmer..certainly if there's a fault where the hardware messes up with totally regular looking data.. it's unexpected, or an accepted risk, and there's nothing practically speaking at the time, that the programmer can do.. especially if the software is being used on a variety of hardware..and besides.. buffer overflow exploits in libraries would make things look rather difficult!

 

[ViviTheMage]

lighthttpd works pretty well ... but nothing is "100% secure", even from buffer overflow problems.

A side note about Direct Admin, DA is similiar to cPanel, where in it's an "all in one" managable interface for your web accounts. If it's for ONE website, you may want to consider managing it yourself, without a panel like that.

DA also has a monthly fee.

 

[Red Squirrel]

Most of the decent control panels costs money. I've been working on one but it wont be ready for a while. I'm still working on the back end of things at this point and have not gotten it to do very much. Cpanel is nice, but it costs an arm and a leg.

 

[ViviTheMage]

cPanel is roughly 11.99 for a VPS, or 34.99 for a dedicated server...now if you get on a shared hosting service, it's typically included.

DA is roughly $5, regardless if it's a VPS or Dedicated server.

There are multiple free control panels out there...if you're going to run your own web server.

 

[JackMDS]

I mentioned the DA in relation to using an external Hosting service.

The service that I use is providing it as a part of the $3 a month paid for the Hosting.

DA has better Stats and Logs than cPanel

 

[ViviTheMage]

I mentioned the DA in relation to using an external Hosting service.

The service that I use is providing it as a part of the $3 a month paid for the Hosting.

DA has better Stats and Logs than cPanel

How much more detailed are they then cPanel? I always preferred cPanel..they also have much, MUCH better support from an administration standpoint.

 

[baskins]

a lot of the features I see on DA, seem beyond a web server .. like "email accounts".

say I look at a web server hosting elsewhere..
Main thing is I want a web server I can upload to, and I can view logs showing what ip accesses what file at what time. Are there any free ones that offer that?

 

[ViviTheMage]

Maybe consider a VPS? You'll see a lot more information then you would on shared hosting.

Some VPS companies, offer managed support as well...so they can do/help install plugins/applications for you.

 

[baskins]

I don't need all this managed support stuff.. No need for applications or anything.

I'd like access to a free web server, with a log. Nothing fancy required.
I don't need much more than putting 10MB on it.. An HTML file, a few pics. Just a web server. No PHP server.. no fancy statistics.. No emails.. just as web server! -with a log-
no fancy analyzer on the log. I can read a log. that tells me IP, date/time, file.

 

[ViviTheMage]

I don't need all this managed support stuff.. No need for applications or anything.

I'd like access to a free web server, with a log. Nothing fancy required.
I don't need much more than putting 10MB on it.. An HTML file, a few pics. Just a web server. No PHP server.. no fancy statistics.. No emails.. just as web server! -with a log-
no fancy analyzer on the log. I can read a log. that tells me IP, date/time, file.

That wont happen, unless you host it yourself.

 

[Tbirdkid]

Look at the inheritance of the word security.

The reason for security is to try to lock everyone out, or maintain a specific list of people or things to be able to access something. No matter how big the lock, there is always a way to get in. The lock just keeps someone honest...

Lock it down the best you can, and let it rip. Also, as someone else has mentioned, if its for pictures, just use picasa or webshots, or some hosted solution. Way easier, and better for you and availability is better.

 

[JackMDS]

Web server as described by the OP does not need any fancy computer.
Any Junk with Win 2000 and above can be used.

Do not put on the Hosting computer any thing that if compromise it will troublesome for you.

http://www.ezlan.net/serving.html

http://www.ezlan.net/myip.html

This thread already includes few solutions. At this point if you are serious about it, start trying and make your own mind otherwise it starting going in circles.

 

[baskins]

That wont happen, unless you host it yourself.

there have always been a lot of companies offering free web hosting.. just no access to the log.

you get a log with services like the $3 a month one jack mentioned,, but $3 a month is a bit much to spend just for that.. $3 a year perhaps!

 

[JackMDS]

baskins you really do not have to do anything

Be comfort that you initiated a nice thread.

With 410 views, there are probably people in the background that read the posts and can benefit from the discussion here. :thumbsup:

 

[ViviTheMage]

there have always been a lot of companies offering free web hosting.. just no access to the log.

you get a log with services like the $3 a month one jack mentioned,, but $3 a month is a bit much to spend just for that.. $3 a year perhaps!

Yup, understandable since you aren't going to be using many resources. If you want, I could throw you on one of our web servers for $10 a year.

 

[xSauronx]

I don't need all this managed support stuff.. No need for applications or anything.

I'd like access to a free web server, with a log. Nothing fancy required.
I don't need much more than putting 10MB on it.. An HTML file, a few pics. Just a web server. No PHP server.. no fancy statistics.. No emails.. just as web server! -with a log-
no fancy analyzer on the log. I can read a log. that tells me IP, date/time, file.

sweet jesus, if you need practically nothing and want to throw up a few pics, a facebook page or wordpress blog or something similar and free might work. why the insistence upon a log though if you just need to show off a few pictures here and there?

 

[n0cmonkey]

baskins you really do not have to do anything

Be comfort that you initiated a nice thread.

With 410 views, there are probably people in the background that read the posts and can benefit from the discussion here. :thumbsup:

If they can get past the first page of nonsense...