By Richard Rost 17 months ago
Can you run your own web server? Sure. Should you? Well... personally, I prefer lettings someone else deal with the headache of maintaining a server. There are upgrades, fixes, and most importantly: security patches. These come out all the time, and you have to be on top of your game if you're going to have a server that's exposed to the world. Let me share a something with you.
So this is a story about the one time the United States Air Force showed up at my house.
I was living in Buffalo, New York at the time and I'm going to say this was probably around 2004 or 2005. My new website 599cd.com was just getting started and I had a private web server of my own running Windows 2000 Server and IIS. I was renting space from a friend of mine who had his own business and his own high-speed connection: a massive T1 line. This was before the day where you could get $20 website hosting at GoDaddy.
Anyways, I had to perform all of my own server maintenance including security checkups, patching Windows Server, and all the things that I kept putting off and didn't really like doing but I was trying to save a buck so I did it myself. I was never very prompt at installing security patches.
My site was up for about a year and then one day I get a knock at the door there are two guys in full dress military uniforms! They asked for me by name and they asked if I run the website at 599cd.com. I said of course, yes. The one gentleman introduced himself as a lieutenant with US Air Force intelligence. He told me that my server was involved in an attack on some Pentagon servers.
This totally blew my mind.
Next they assured me that they were pretty sure that they knew I wasn't involved but they wanted my permission to install monitoring requipment on my server so they could track what was going on. I, of course, agreed to comply fully. They gave me a stack of papers to sign and went away. My friend called me up later that afternoon, "dude, you know there are people from the Air Force here looking for your server?" I filled him in.
I finally heard from the Air Force a few months later. It turns out that my server was hacked by someone in North Korea and they were using it as part of a network of computers to perform attacks on US military installations. Crazy huh?
I had thought that my server was running a little slow over the weeks before this was discovered, and I had run done some basic maintenance. My virus scanner was up-to-date. It was insidious, though, because the hacker got in BEFORE I installed a critical patch to prevent the exact hack they used. So unless you're on the ball with this stuff, hackers are smart. Maintaining a web server is almost a full time job.
Long story short... that's why since that incident, I've always gone with a company like GoDaddy where they perform the server maintenance and handle all the patches, and the upgrades, and the security. I would rather spend my time running my business than worrying about upgrading a web server.
I'm a computer expert and these hackers got by me!