I want to host my newly purchased domain on my W2K Server box - few questions...

[Tanner]

I purchased thetannersonline.com <---this is my whole domain name right? (.com is the TopLevelDomain, right?) I want to host it on my W2k Server box. I have broadband to it, plenty of space, and I'll figure out the actual webserving interface later.

1.) I get a dynamic IP that lasts for like half a friggin' year! so that's not too much of a problem, and it's certainly not critical that my family be able to see the pictures 24/365
2.) I have uninstalled AD so that I can change the domain name to the domain name that I purchased. Is this correct?
2a.) Am I supposed to Rclik on MyComp/properties/networking/ and change the domain name to thetannersonline.com ?
2b.) Then DCpromo my server back to a Domain Controller
2c.) Then give my IP to my registrar (godaddy.com)
3.) what do I do when my IP changes?
4.) Is it helpful if I run an DNS server on it too?
5.) Can someone recommend what to run my webpage w/ on this W2Kserver? I know apache is supposed to be great, like 85% of the webserver allegedly use it or something...but does it run on Win2k? Doesn't W2kServer have it's own WEb/FTP servers built? here's a REALLY phunny question: are they secure!!!?

If you would please help me out. I'm sorry for the lack of W2kServer intelligence here...as it's my first machine, I've clicked about everything 20000 times, and I'm not getting anything to werk... I've read everything on internic about DNS and how that all works, but I can't seem to fill in the holes in my slowly growing knowledge base.

Thanks in AdvancE!!!

God Bless
Tanner

 

[Nothinman]

You can only use AD for that domain if you have full control of the DNS server, because AD stores a lot of info in there and even uses illegal names so the nameserver has to either be MS' or told to ignore illegal names. Basically all you need is a box with an IP (have the DNS service point the domain to your IP) and something listening on it for whatever server you want to run. No AD required.

Personally (I'm a Linux guy), I wouldn't let the Win2K box touch the Internet, especially one running AD or IIS (Ms' web/ftp server).

If your IP changes you will have to have your registrar (or whoever's doing DNS for you) update their name servers, and then it'll take a day or so for the changes to get fully around the Internet.

 

[ttn1]

I'm a linux guy as well. Good luck with the monthly/daily patches. Be prepared to run a good virus checking software often. Also do lots of backups, you'll need them.

There are lots of windows guys here though, so they can help you out.

I run ipupdate to update my dynamic IP with my domain provider. They support dynamic updating of my IP. There are lots of update programs out there, I would just do a google search. They also forward all my email to my mailserver.

From my experience, IIS the win2K webserver is an abslolute security nightmare. Do everything in your power to learn how to lock it down before you open it to the world. Once it's compromised in the wild, you're pretty much in for a reinstall. Running FTP is just asking for trouble as well. I run linux with apache and OpenSSH for secure telnet/ftp.

 

[Tanner]

considerin' these two posts...I'm going to have to rewrite another post in here called:

"what do I do to setup my new domain on my linux box?"



I guess I'll just reformat it and stick RH72 on there and run Apache, eh?

I was also wonderin' if any of you have any experience w/ installing Plesk on your RH boxen for hosting (made "simple")

Thanks and God Bless

Tanner

 

[ttn1]

Nice choice. We bring another to(from) the dark side.

I don't have any experience with Plesk. Looks like an interesting software though. I use SSH for all my administration. I learned linux first by using it as a server, so I do all my admin stuff at the command line. I'm beginning to learn the RedHat GUI stuff, but I find myself liking the command line better.

I do have a few recommendation for your server though. RH 7.2 comes with openssh so your in good shape there. For connection from windows machines ssh.com has a very nice client that is free for personal use. It does both encrypted telnet and file transfer. You'll also probably want to install a database and PHP. I use MySQL as a database. For admin of databases I use PHPmyadmin.

For fun things if you want or have time to check out some software. I setup Postnuke for a website front end. Then within postnuke I run gallery to organize and display my family albums. It is an awesome picture management system. I also use phpBB as a forum for my family's discussions. Both of these programs are run as modules within postnuke.

One other thing I run is RIMPS. It takes a while to setup and requires some time and patience, but when it's working it is great. Imagine having all your mp3s organized and searchable through a password protected website. You can create playlists and play any song or playlist on demand. It's a pain to setup, but I haven't regretted the time I spent.

Well, that's my commercial for linux servers. I have been using linux for a little over 2 years, and opensource software has been my greatest hobby yet. It feels great to get this stuff working and help work out the bugs. It is also a very cheap hobby.

 

[watts3000]

Tanner stick to 2000 server. You'll be able to get your stuff up and runnung much quicker. Set up a linux box for testing if you want to play with it. I'm all about Microsoft products if your if you have a busy life you don't have time to go through a manual thick as a phone book to perform a basic task.

 

[Nothinman]

I'm all about Microsoft products if your if you have a busy life you don't have time to go through a manual thick as a phone book to perform a basic task.

And it's because you don't have to read anything to do 'basic' tasks, that nimda and such run rampant to this day.

 

[Tanner]

watts3000
I hear ya d00d...and I may do that in the meantime, but I think that my learning linux could actually open up job opportunities! ESPECIALLY if I know how to host SECURLEY w/ it! (that will probably take me a decade to figure out completely)

Nothinman

couldn't agree more! however, don't forget that we have other WONDERFUL tools like NORTON AV! w00t w00t! autoprotect is my FRIEND!!! (that and DENY write permissions to all shares/drives/ and all that crap!) <---admittedly, this is a HUGE hassle!

btw: got a NEW Question
depending on the answer to this one..I may have about 2000more!
hehehehe

 

[Nothinman]

Norton AV won't protect you from everything, unless of course they added support for telling you when you have software with security vulnerabilities. It would be trivial for me to write a quick program that listens on a TCP port and allows me to execute commands remotely after I break into IIS, and I'm sure that won't be picked up by NAV.

The fact of the matter is taking a default install of Win2K + IIS + whatever else and making it install is a long laborious process (unless you do it a lot and have scripts or sysdiffs ready). Setting up Linux won't be much shorter or easier since you're new, but you'll learn a lot more from it and it'll make future installations much quicker. I can take a Debian base install of ~80M and simply add what I want to use, opposed to taking a default install of Windows and removing what is potentially dangerous.

 

[N11]

The fact of the matter is taking a default install of Win2K + IIS + whatever else and making it install is a long laborious process (unless you do it a lot and have scripts or sysdiffs ready). Setting up Linux won't be much shorter or easier since you're new, but you'll learn a lot more from it and it'll make future installations much quicker. I can take a Debian base install of ~80M and simply add what I want to use, opposed to taking a default install of Windows and removing what is potentially dangerous.

It's all what you know really. Windows 2000 installs are relatively short and sweet, and an IIS installation can be done in a matter of minutes. The time it takes to properly configure a working server is entirely dependant on the users level of experience.

 

[Nothinman]

The time it takes to properly configure a working server is entirely dependant on the users level of experience.

That's why I said 'if you've done it a lot and have scripts or such setup'. And even in the experienced user's case the Win2K install will take a good bit longer because of all the updates you need to download and install and all the rebooting.

A very basic Debian web server would take ~20 minutes because an extreme base install of ~80M would take ~10 minutes to install and another 10 to install and config Apache, give or take some if you have to download the software. No reboots unless you want a custom kernel and the only default service would be portmap (for NFS) which is easily removed, and I can install directly off the Internet and not have to worry about any security updates after the initial install.

 

[N11]

A very basic Debian web server would take ~20 minutes because an extreme base install of ~80M would take ~10 minutes to install and another 10 to install and config Apache, give or take some if you have to download the software. No reboots unless you want a custom kernel and the only default service would be portmap (for NFS) which is easily removed, and I can install directly off the Internet and not have to worry about any security updates after the initial install.

I think you may be oversimplifying it.

A usable apache server including the OS installation is typically longer than ~20 minutes. Following a base install you'd need to compile apache, and then most likely load additional modules that are not included. Also compiling then configuring PHP takes some time.

We aren't taking into account some form of ftp server such as proftpd if it is necessary. Compiling/configuring this as well.

Don't get me wrong, linux is beautiful. Network Eleven is 100% linux reliant. But the process of getting a linux webserver into production takes a little longer than a seinfeld episode.

 

[Tanner]

I think that U 2 are both so far beyond experienced / intelligent that I want to just visit this thread and read the WORDS...man...

where the HECK do Uall get all this experience!?! I sure hope that U don't know this much from hobby computing! THIS should, if it's not, Nothinman, be your JOB! I know that it is for you N11

man..I really appreciate what you guys have had to say in here. and I think that I'm going to have to forgoe the gameserver that I was going to dedicate and put linux back on it and try to get something running on it...don't know what...but it's always been a dream of mine to make a CLUSTER! Even if it's only for like an hour I dont' even have anything to run on it...I just wanna tryit out

well..Thanks again guys! U guys really helped me out a lot! I'll be in touch w/ you both when I have Questions, if you guys don't mind

God Bless
Tanner

 

[Poontos]

<< The time it takes to properly configure a working server is entirely dependant on the users level of experience.

That's why I said 'if you've done it a lot and have scripts or such setup'. And even in the experienced user's case the Win2K install will take a good bit longer because of all the updates you need to download and install and all the rebooting.

A very basic Debian web server would take ~20 minutes because an extreme base install of ~80M would take ~10 minutes to install and another 10 to install and config Apache, give or take some if you have to download the software. No reboots unless you want a custom kernel and the only default service would be portmap (for NFS) which is easily removed, and I can install directly off the Internet and not have to worry about any security updates after the initial install. >>


20 minutes to setup a Debian web server? Come on, you can live with yourself leaving this post the way it is?

So after twenty minutes, I can have Debian installed with a web server daemon setup, all updates downloaded, and apache config files configured securily?

You think a Win2K IIS/Server expert could configure Apache in 10 minutes?

This is a very inaccurate time estimate.

As for Windows 2000 Server with IIS, there are some really nice step-by-step security hardening guides, e.g. Labmice.net

Patch wise --> Install SP2, Install SRP2, Install IIS Rollup, & and proably 2-3 more patches and you have ALL the patches necessary.

As you will see with your experience as it grows and various guides, security DOES NOT stop at just having all the latest patches.

Anyway, good luck whichever way you choose. Linux is great and so is a properly setup Win2K + IIS server.

 

[Nothinman]

<< A usable apache server including the OS installation is typically longer than ~20 minutes. Following a base install you'd need to compile apache, and then most likely load additional modules that are not included. Also compiling then configuring PHP takes some time. >>



That's why I said Debian, no compiling necessary as the server and all the modules are already packaged up. The main time would be doing the content, which is how it should be.



<< We aren't taking into account some form of ftp server such as proftpd if it is necessary. Compiling/configuring this as well. >>



Again there's no a whole lot to configure in an FTP server, unless you want to get really anal about it. I find most of the time the Debian default configs are very close to what I want.



<< I sure hope that U don't know this much from hobby computing! THIS should, if it's not, Nothinman, be your JOB! >>



Most of it is hobby, my job has a little Linux work, but not much and I learn almost all of this before that.



<< So after twenty minutes, I can have Debian installed with a web server daemon setup, all updates downloaded, and apache config files configured securily? >>



Sure, like I said install off the Internet and you already have all the updates. And the Debian default configs are locked down well, I have only ever found myself having to open it up a little to get things working.



<< You think a Win2K IIS/Server expert could configure Apache in 10 minutes? >>



That wasn't my point. Do you think a Win2K/IIS expert could configure Win2K/IIS in 20 minutes? I sure don't, but I do think a Linux/Apache expert could.



<< As you will see with your experience as it grows and various guides, security DOES NOT stop at just having all the latest patches. >>



I know this, but Debian's Apache comes with a very secure default installation as opposed to IIS which comes with virtually everything enabled for convenience.

 

[Tanner]

Poontos

THANKS for that link! that'll help w/ my Win2K AS box! I don't think that I'm going to put anything important on it, that way I can eventually open it up to the internet. Let myself get totally screwed over by whatever's out there and restart, hopefully learning some more from it...but man...those patches can be annoying, simply for the fact that it requires about 17 reboots! I must say, I DO love my fast connection though!

Nothinman
Don't feel like I'm just going to take the easy way out and serve off of my W2K box! I think that I'm actualy going to put it on my cyberwings account until I'm off campus and can seriously think about hosting... In the meantime, I think that I"ll begin piddling more w/ my linux box. Don't exactly know what to do w/ it...but I guess I could surf the internet on it! hehehehe

 

[N11]

That's why I said Debian, no compiling necessary as the server and all the modules are already packaged up. The main time would be doing the content, which is how it should be.


Debian's apache installation includes every single module ever written? It also installs the PHP as a dso during the process?

You've got the process of configuring apache which does not take 10-20 minutes. Determing the modules you need, and preparing a secure and functional apache web server takes time. Expert or not. Rushing it proves nothing.

 

[Nothinman]

Debian's apache installation includes every single module ever written? It also installs the PHP as a dso during the process?

They're not included by default but you can install any of them as DSOs, and yes PHP3 and PHP4 are both available. I'm sure you could find a module not included, but then you can install gcc and apache-dev (needed for apxs or whatever it's called) and compile it yourself and you still save the time of having to compile all of apache.

You've got the process of configuring apache which does not take 10-20 minutes. Determing the modules you need, and preparing a secure and functional apache web server takes time.

If you don't know what modules you need ahead of time it's going to take you longer no matter what. And like I said the configs supplied with Debian's Apache package are very close to what I want, few changes are needed (mostly adding vhosts) to be made.

It really seems as if you havn't used Apache, or maybe just Debian's packages are better than using the source. Or maybe I really am missing something, but I've been running a very close to default Debian Apache install for quite a long time on my home machine and have never gotten hacked.

 

[N11]

It really seems as if you havn't used Apache, or maybe just Debian's packages are better than using the source. Or maybe I really am missing something, but I've been running a very close to default Debian Apache install for quite a long time on my home machine and have never gotten hacked.

I guess I am just an idiot. Sorry for wasting your time.

 

[Tanner]

<< I've been running a very close to default Debian Apache install for quite a long time on my home machine and have never gotten hacked. >>



how do you know for SURE whether you've been hacked? I would certainly like to know this. I think that I'll especially need to know this for when my Apache server goes online (after my two finals I need to finish up today!) THEN this thread, or new ones, will be boomin' w/ questions.

I'm glad that U guys are still typin' on here so I can learn some more stuff and get some more perspectives

 

[Nothinman]

how do you know for SURE whether you've been hacked?

I had tripwire on the box for a while and I never got a message about changed files that I didn't change, then I moved the server to another box. The new box is an UltraSparc so all the normal buffer-overflow hacks won't work as they come packaged with x86 shell code.

 

[Tanner]

which one of these did you have runnin' on your Linux Box?



<< new box is an UltraSparc so all the normal buffer-overflow hacks won't work as they come packaged with x86 shell code. >>


Is an UltraSparc an IBM compatible type of PC?

"normal buffer-overflow" hacks - I thought that only some sort of super intelligent guy who knew all sorts of programming languages could hack like this... are there kiddie scripts for this kind of hack too? Or are there really like LOTS more ppl out there that know how to do that than I previously thought?

is the x86 shell code some sort of security feature?

(okay, I'm really going to put the mouse down and take a final now) Catcher in the Rye is the single most pointless book that I've EVER suffered through! But, @ least it's over!

 

[Tanner]

<< which one of these did you have runnin' on your Linux Box? >>



This one, I bet...

 

[Nothinman]

Is an UltraSparc an IBM compatible type of PC?

No, it's a Sun box made for Solaris, but Linux runs just great on it.

"normal buffer-overflow" hacks - I thought that only some sort of super intelligent guy who knew all sorts of programming languages could hack like this... are there kiddie scripts for this kind of hack too? Or are there really like LOTS more ppl out there that know how to do that than I previously thought?

It does require a lot of programming and system knowledge to come up with these things, but someone usually writes a small 'proof-of-concept' program so others can test for the problem and be sure it's not something specific to the finder's setup. Most of them just work with a 2 second compile and can be done by anyone. But also most of them have very specific targets, like Linux on x86 because of memory layout, cpu instructions, etc.

is the x86 shell code some sort of security feature?

No, when you overflow a buffer usually you have an oppurtunity to execute whatever is in a specific part of memory, the hard part is getting commands in there that do what you want. The shell code I mentioned is x86 instructions you put in that memory to make the program do whatever you want, if you put x86 shell code in memory on a non-x86 cpu (like my Sparc or Alpha) it'll just generate an illegal instruction and kill the program.

Yes I used the Open Source tripwire, there's already a Debian package for it so once again there was very little setup needed for me.

 

[Tanner]

MAN... I can't even believe that people can do this sort of stuff to boxes on the Internet! DANG...friggin' ridiculous! Its just phenominal! So, it seems as though, the only way to make something secure, for certain, is to run some sort of incredibly scarce system and Linux.

man...this thing has blown up so much in my face now. that I'm almost afraid to put anything on the internet! BAH! One thing is absolutely for certain, if I ever DO host my own stuff, it will CERTIANLY be on a different connection than my home network!!!!