Setting up a personal site on local hardware has been on my bucket list for along time. I finally bit he bullet and got a basic website running with apache on a Ubuntu based linux distro. I bought a domain name, linked it up to my l ip got SSL via lets encrypt for https and added some header rules until security headers and Mozilla observatory gave it a perfect score.
Am I basically in the clear? What more do I need to do to protect my site and local network? I’m so scared of hackers and shit I do not want to be an easy target.
I would like to make a page about the hardware its running on since I intend to have it be entirely ran off solar power like solar.lowtechmagazine and wanted to share technical specifics. But I heard somewhere that revealing the internal state of your server is a bad idea since it can make exploits easier to find. Am I being stupid for wanting to share details like computer model and software running it?
Is it running on a dedicated machine? Than what’s the worst that could happen? Say someone hacks your website and gains root access to your machine. Maybe they’ll fuck up your website. Maybe they’ll install some botnet software. But you can basically just flash your device and restart from a backup. No biggie!
The best defence, in my opinion, is awareness and a good backup plan.
But also, if you have a static website with no login or anything, a hacker can’t login either. Maybe you’ve got an ssh connection? That’s pretty secure, just make sure you’ve got it set up correctly and you’ve got a good password. Maybe you have some login from apache? Same as with the ssh, but if you don’t actively use it, you could disable it.