1
I know its not really practical, but anyway recently I got interested in making my mac a server, possibly to host a blog, with WordPress. Right now I have a free DynDns account and host with gets the IP updated through the DynDns Updater application I downloaded. I have AirPort Extreme Base Station router, and it forwards port 80 to my mac's port 80. DHCP reserves 10.0.1.2 for my mac, so it will always get that local IP, and the port forwarding will always point to it. The firewall on my mac is turned on, although I'm not sure if that matters for this.
So anyway, with this setup, is that secure enough? Would there be a way that someone could hack into it? It would be impossible for someone to actually hack into the system (like all the files on my computer other then the actual webpage files read from the web server), right? I don't have remote login or SSH or anything like that turned on.
And about MySQL, I need that to use WordPress, and by default the root account has no password, and I've read that is insecure. But wouldn't you have to be on my machine to log into it anyway?
I'm just playing around with it now, and I just want to make sure I'm not putting the system in danger. Right now I'm not so much concerned about hacking into the web server, like deleting the web page files or something, but I'd like to here whatever you have to say.
And don't recommend that I use some free hosting service, the only reason I'm doing this is to see if I can get it to work and to learn about it.
If you could just explain a bit and answer some of my questions, that would be great. Thanks.
mk12
Posted 2009-10-19T20:42:21.987
Reputation: 2 432
How do I update apache? I'm using the apple packaged one, Apache/2.2.11 (Unix). And when you say "with all the security patches," those aren't things I have to separately download are they? – mk12 – 2009-10-19T21:04:55.280
And in MySQL, should I remove the two default anonymous account? One I think has root privileges. – mk12 – 2009-10-19T21:05:46.040
the easiest way for you to do that is to turn off the default apache, install macports, and use that apache. it will be more up to date than what comes packaged with os x. – mote – 2009-10-19T21:06:01.890
Yes, you should remove those accounts. Do a quick google for "securing fresh mysql install" - that will give you more than a few steps to do. – mote – 2009-10-19T21:06:39.253
Will it really matter that much if I keep my 2.2.11 instead of upgrading to 2.2.14? – mk12 – 2009-10-19T21:24:34.910
I used mysqladmin to change the root password to a very long one, and then dropped all the other accounts (''@'localhost', 'root'@'127.0.0.1', etc.) so there's only 'root'@'localhost', with the secure password. – mk12 – 2009-10-19T22:11:56.830
And then I'll make another account, with tight restrictions. – mk12 – 2009-10-19T22:13:14.097
How do I disable the remote login, or see whether its enabled? – mk12 – 2009-10-19T22:24:56.350
check your my.cnf file, make sure there is a bind-address line in there. there should be one in there by default, hopefully it is set to localhost. if you're running 2.2.11, you should be good, just keep an eye for any security updates. – mote – 2009-10-20T14:33:24.720