Script kiddies and servers running@home


This morning, Christoph gave me some good reasons not to run an HTTP server on port 80 at the same IP address that is used for surfing the web. Right he is, Yoda would say. The problem is that anybody who sees my IP address in their logs might simply try to access the web server and would then know my real name (which is kind of unique in the whole world, I guess). And who would want that?
One solution is to run the server on a non-default port – my first thought was 55555 “five fives”, nice, isn't it? But then again, everybody knows my cute little domain name, without the five fives (gimme five!).
I planned to smoothly migrate the server to the new port. You know, stuff like running it on both ports simultaneously, announcing the final migration in a week, having some sort of “excuse me, this server has moved, please contact the guy who ran it, if you know him, of course”, etc. OK, enough “woulds” and “coulds”.
Here’s the solution I’ve chosen: If anyone uses the IP address to access the server, she will just see an error message telling her to use the “well known domain name” in order to access the real page.
The well known domain name is rusi.is-a-geek.org, which I got from DynDNS (cheers, guys!) and which you cannot reverse-resolve from the IP address. This way, the domain name becomes kind of a password for accessing my site. Clever, right?
And here’s the trick: Apache virtual hosts. The “important parts” of the server configuration look like this:

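# Listed first, so Apache uses it as the default: it answers every request
# whose Host header matches no other vhost (for example, a bare IP address).
<VirtualHost *:80>
  ServerName *
  DocumentRoot "/var/www/ip-deny/htdocs"
</VirtualHost>

# The real site, served only when the Host header carries this name.
<VirtualHost *:80>
  ServerName rusi.is-a-geek.org
  DocumentRoot "/var/www/localhost/htdocs"
</VirtualHost>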

The default host is ip-deny, which shows the “you are not meant to be here” web site. The other one is only shown if you use the right domain name.
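A way to check that the two virtual hosts above behave as intended, written as an added example that is not part of the original post. `select_docroot` is a simplified model of Apache's name-based matching, and the loopback stand-in server, the helper names and the `other.example` host are assumptions for the demo; point `probe` at your own server to test the real configuration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Simplified model of the two vhosts above; names and paths are from the post.
DEFAULT_ROOT = "/var/www/ip-deny/htdocs"  # first vhost listed = default
VHOSTS = {"rusi.is-a-geek.org": "/var/www/localhost/htdocs"}

def select_docroot(host_header):
    """Choose a DocumentRoot from the Host header alone (case-insensitive)."""
    name = (host_header or "").strip().lower().split(":")[0]  # drop :port
    return VHOSTS.get(name, DEFAULT_ROOT)

class StandIn(BaseHTTPRequestHandler):
    """Constructed loopback stand-in for the Apache server (offline demo)."""

    def do_GET(self):
        body = select_docroot(self.headers.get("Host")).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def probe(address, port, host_header):
    """Connect to address:port, send the given Host header, return the body."""
    conn = http.client.HTTPConnection(address, port, timeout=5)
    conn.putrequest("GET", "/", skip_host=True)
    conn.putheader("Host", host_header)
    conn.endheaders()
    body = conn.getresponse().read().decode()
    conn.close()
    return body

def run_check():
    """Probe the stand-in with several Host values; map each to its docroot."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    hosts = ["127.0.0.1", "rusi.is-a-geek.org", "RUSI.is-a-geek.org:80", "other.example"]
    results = {h: probe("127.0.0.1", server.server_address[1], h) for h in hosts}
    server.shutdown()
    server.server_close()
    return results

if __name__ == "__main__":
    for host, root in run_check().items():
        print(f"Host: {host:24} -> {root}")
```

The result depends only on the Host header the client sends, not on the address it connected to, so the site stays hidden only as long as the name itself stays private.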
That's it – how easy things can sometimes be ;-). So feel free to enjoy my site at the same spot it has always been.