Secure a remote access with IP address - html

I want to prevent people from accessing my website from outside my home and my father's home. Is it a good idea to check the IP of the connection and grant access, or is it easily breachable?

As Jon Egerton already said, your method will work only if the IPs of your home and your father's home are static.
Two other methods for checking allowed connections come to mind:
A login page requesting a username and password. The example assumes you can use PHP.
Allow only clients with a certificate installed. The example assumes you're using an Apache web server and can alter its configuration.

Related

How to set a name for Apache server?

I successfully created an Apache server, but I don't want to connect to it by typing 192.168.0.102; I want a normal URL like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line, but setting it to something like www.mysite.com doesn't seem to work. I also tried to use my external IP (https://www.whatismyip.com) as the server name, but it doesn't connect. It only works if I try to connect to 192.168.0.102 or localhost. How do I solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequences of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessible only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet; it is an internal IP.
But you have some alternatives: if you would like to access your computer by hostname, you can use dynamic DNS servers.
Or, if you want to test your code on a spectacular domain, you can add 192.168.0.102 with a domain to your hosts file; then only you can use this domain, from your local computer.
But if you really want to serve some content to the Internet from your local computer, you have to find a DNS server service (like Cloudflare) to point your domain to your public Internet IP, not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test whether the configuration works, edit your /etc/hosts file and add that domain name for 127.0.0.1. After that you will be able to access that virtual host if you try to access that domain name from your browser.
More info here: https://httpd.apache.org/docs/current/vhosts/name-based.html

How to add SPF record through dedicated servers

Hope everyone will be doing fine.
I am having a problem with sending emails to other domains. I have set up an SMTP server on one of the dedicated servers, and all the applications on each dedicated server are using only this SMTP server. Now emails are not being received on Gmail. I have read somewhere that there must be an SPF record added to SMTP.
I am just a software engineer and have never worked on maintaining servers or networking, so I do not know what to do to add this record.
On many forums, I have read that you must add this using cPanel. I want to know whether I can add this by logging in to the dedicated server, or whether I really need cPanel to connect. (Actually, I have also forgotten the cPanel details, although I have requested the hosting provider to retrieve them.)
Please help me, one might have to give me a detailed info as well as assistance.
Regards
An SPF record must be set up in the DNS zone where the domain is hosted.
Is that on your actual server or are you using external DNS hosting?
In case it's on your own server and you use 'bind', edit the DNS file located at /var/named/domain.com (where domain.com is your actual domain name) and set it up as follows:
domain.com. 14400 IN TXT "v=spf1 a mx ip4:192.168.5.10 ~all"
** Comment: 192.168.5.10 is the IP of your mailserver
After this is done, restart the DNS server with /etc/init.d/named restart
To check if your SPF record is set up correctly, check it out via MXTOOLBOX:
http://mxtoolbox.com/spf.aspx
You fill in the domain name there for the domain where the SPF record has just been installed. If it's set up correctly, it will show.
One other small piece of advice I have is to also work with DKIM (especially needed for good delivery to Hotmail).
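To see how a receiving server reads the record from this answer, here is an added Python sketch (not part of the original post) that parses the TXT value, evaluates a sending address against it, and flags `ip4` terms in private address space. The `resolved` argument and the sample addresses in use are constructed stand-ins for DNS lookups of the domain's `a` and `mx` records; `include`, `exists`, `ptr` and modifiers are deliberately not modelled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The TXT value from the answer above; 192.168.5.10 is its placeholder address.
RECORD = "v=spf1 a mx ip4:192.168.5.10 ~all"

def parse_spf(txt):
    """Split an SPF TXT value into (qualifier, mechanism, argument) tuples."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if "=" in term:                      # modifiers (redirect=, exp=) are not modelled
            continue
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        parsed.append((qual, name.lower(), arg))
    return parsed

def check_host(txt, sender_ip, resolved):
    """Return the SPF result for sender_ip; the first matching mechanism wins.

    resolved maps "a" / "mx" to addresses already looked up for the domain
    (constructed by the caller so the example needs no DNS access).
    """
    ip = ipaddress.ip_address(sender_ip)
    for qual, name, arg in parse_spf(txt):
        if name == "all":
            hit = True
        elif name in ("ip4", "ip6"):
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            hit = ip in {ipaddress.ip_address(a) for a in resolved.get(name, ())}
        else:
            continue                         # include / exists / ptr are not modelled
        if hit:
            return QUALIFIERS[qual]
    return "neutral"                         # no mechanism matched and there is no "all"

def lint(txt):
    """Flag ip4 terms in RFC 1918 space, which an outside receiver never sees as the source."""
    warnings = []
    for _, name, arg in parse_spf(txt):
        if name == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            if any(net.subnet_of(p) for p in RFC1918):
                warnings.append(f"ip4:{arg} is private; list the public sending address")
    return warnings
```

With the record as written, a sender that matches none of `a`, `mx` or `ip4` falls through to `~all` and gets `softfail`, and `lint(RECORD)` reports the placeholder address because it lies in RFC 1918 space.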
Yes, if you are using cPanel on your server then you need to enable SPF through cPanel. Or you can use the following command to enable SPF for your domain.
/usr/local/cpanel/bin/spf_installer cpusername

How to prevent access to phpmyadmin (MySQL database) using web browser from any computer on LAN (except the server)

I have a computer lab with 21 computers connected through LAN
LAN server with IP - 192.168.0.1
I have Online Examination s/w running on all the client computers
That s/w is developed using vb.net having MySQL database.
(Of course the database is at the server only i.e. # 192.168.0.1)
What I want:
I want to prevent users of client machines from accessing MySQL database by using their web browser
like this-
http://192.168.0.1/phpmyadmin
P.s. - MySQL database must only be accessible through Online Examination s/w only.
The easiest way to secure PHPMyAdmin: Set auth_type to http in your config.inc.php and give an appropriate MySQL username and password to all authorized people. That way anyone can access PMA from anywhere in the network, but only authorized people can actually use it.
However, to do exactly what you're asking, you'll need to modify the Apache configuration on the server hosting PMA so that it denies HTTP connections to the PMA port, something like this:
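<Directory "/path/to/PMA">
...
# Evaluate Deny first, then let Allow override it
Order Deny,Allow
Deny from all
# Only the server itself may connect (hosts are separated by spaces, not commas)
Allow from 127.0.0.1 192.168.0.1
</Directory>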
This isn't a very secure configuration, so you might want to do this in conjunction with the other security suggestion above.
This suggestion is only for PhpMyAdmin, and won't affect your Online Examination software. If that works before you make these changes, it should work afterward too.
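The outcome of the `Order` / `Deny` / `Allow` rules above depends on which order is named. This added Python sketch (not part of the original answer, and a model of the Apache 2.2 evaluation rules rather than Apache code) runs the answer's rule set against constructed client addresses. The function names are hypothetical, and only `all`, single addresses and CIDR ranges are handled.

```python
import ipaddress

def _matches(specs, client):
    """True if client matches any 'Allow from' / 'Deny from' spec (all, IP or CIDR)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Model of Apache 2.2 'Order' evaluation for host-based access control."""
    allowed, denied = _matches(allow, client), _matches(deny, client)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":
        # Deny is evaluated first, Allow overrides it, unmatched clients are permitted.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny overrides it, unmatched clients are refused.
        return allowed and not denied
    raise ValueError("unsupported Order value")

# The rule set from the answer above.
PMA_RULES = dict(order="Deny,Allow", allow=["127.0.0.1", "192.168.0.1"], deny=["all"])

def audit(rules, clients):
    """Map each constructed client address to the access decision it would get."""
    return {c: access_allowed(client=c, **rules) for c in clients}
```

Lab clients such as 192.168.0.7 are refused while the server's own addresses get through. A browser on the server that reaches `localhost` over IPv6 (`::1`) is refused as well, and changing the order to `Allow,Deny` with the same lists refuses every client.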

VB.NET MySQL and FTP Connections

I'm working on an application in VB.NET that has to connect to a MySQL database and FTP. How secure is it if I use it in an application that I give to other people? E.g. if I were to let other people use this application, would they be able to find out the MySQL and FTP connection details through intercepting packets or something like that?
If that's the case, how can I work around this? Also, part of my application is an uploader for users to upload files; is FTP secure for that, or are there better alternative ways of doing that? My server is a Windows Server 08, if that makes any difference.
Thanks in advance.
FTP is plaintext. It is very easy to get user names and passwords just by packet sniffing. If the FTP is supposed to be secure, rather look at SFTP or FTPS solutions. These use SSL type encryption on the network layer. Never ever use an FTP server for sensitive information.
MySQL traffic can also be sniffed though it is considerably harder to reverse engineer the protocol. If data has to flow between client and mysql in a secured fashion you can configure mysql to use SSL certificates to encrypt the information. This will ensure security is of highest standards.
It depends, but as per the Accessing SQL Server with Explicit Credentials article, which is applicable to MySQL as well:
The recommended method is to store the predetermined user name and password on the server, and then read it and add it to the connection string at run time. An advantage of this technique is that your application can access the database using different credentials under different circumstances, depending on what it needs to do in the database.
Security Note Never hard-code credentials as strings into programs in your application. Anyone who can get access to the code file, even the compiled code, will be able to get at the credentials.
Security Note Always give a predetermined user name the minimal access privileges to a resource. Never use "sa" or any other administrative-level user name. Always use passwords

Remote (Non-LocalHost) MySQL Calls... Safe/Recommended for Management Purposes?

I'm new to MySQL and I'm using a desktop DB management app called "Querious" to simplify the process while I learn.
I want to work on (mainly just structure & basic population) a database that's hosted elsewhere, but the host won't allow any remote MySQL calls on their server.
What is their reasoning for restricting MySQL calls to localhost only? Is this a security or a performance concern?
This is a security concern. The idea is that if people can't remotely connect, they have to compromise the system. Not just the files that hold the database information.
You may be able to request that they just add your IP address to a trusted host file, but I doubt they'll do that either.
It's fairly common practice to not allow remote DB connections.
I've run into this problem with GoDaddy where they implement this by default. You can change this, however, by indicating that you want to allow remote access. If you've already created your DB, though, you can't change it, so I would recommend creating a new DB and deleting your other one.
The reason why is for security. If only your app can call your DB, you don't have to worry about other people trying to access it.
Distill,
An improperly-configured MySQL instance is dangerous, whether the user is remote or local. This could allow malicious attackers to cause crashes or remote execution of arbitrary code (i.e., owning the machine).
You can use PuTTY to create a tunnel if it's allowed by the server so that your application traffic goes through ssh and then is forwarded to the correct port on localhost.