Webserver security software

Forum regarding Windows Software and Home Automation Domotica.
Rutger
Member
Posts: 339
Joined: Wed May 19, 2010 8:48 pm
Location: Netherlands

Webserver security software

Post by Rutger »

For a few weeks now, some unknown people have been trying to log on to my Homeseer page (and maybe more, which I can't see).
Homeseer and the IP cameras are secured with usernames and passwords, of course.
Only the necessary ports (SSL) and some ports for real-time camera viewing are open in the router.
It doesn't feel right, so I'm searching (this forum) for webserver software or something like this.

I don't want to give access to a small number of IP addresses.... I read some stuff about htaccess files and Apache software.

What kind of web/login server security software do you have installed, or what are other possibilities to have more security?
My home automation blog: https://rutg3r.com
johnz
Member
Posts: 144
Joined: Wed May 06, 2009 10:12 pm
Location: Netherlands

Re: Webserver security software

Post by johnz »

I think it will be complicated to set up a different webserver for Homeseer.
What about a VPN tunnel to your Fritzbox?
John
mhn
Member
Posts: 399
Joined: Tue Jul 21, 2009 9:27 pm
Location: Denmark

Re: Webserver security software

Post by mhn »

Or move your web port to something like 35697. The attacker will have a hard time finding that.
Rutger
Member
Posts: 339
Joined: Wed May 19, 2010 8:48 pm
Location: Netherlands

Re: Webserver security software

Post by Rutger »

Hmm, I thought it should be easier to install some webserver and, behind this 'wall', some other software which is reachable from the WAN.
Maybe the VPN is the easiest way.
I'll look further.
My home automation blog: https://rutg3r.com
Art
Starting Member
Posts: 37
Joined: Wed Nov 30, 2011 2:54 pm
Location: Utrecht

Re: Webserver security software

Post by Art »

Rutger, it seems to me that what you need is a better firewall. This would enable you to define much more sophisticated rules to deal with incoming traffic, and even better to log attempts to access your network and deal with them appropriately. An example would be to detect port scans and ban the originating IP address altogether. Or, if it's an address within our jurisdiction, notify the authorities.
airox
Member
Posts: 214
Joined: Sat May 15, 2010 10:42 pm

Re: Webserver security software

Post by airox »

You can also try to put an Apache webserver in front of it and make use of mod_proxy to proxy requests to your Homeseer machine. You can then configure the necessary security on the Apache webserver: HTTP basic authentication in combination with an SSL connection (startssl can provide you with a free SSL certificate). Use a named virtual host in Apache so only a certain domain like "homeseersecretserver.yourdomain.com" is the entrance to your Homeseer machine.

Hopefully I gave you a few pointers.
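
The setup described in the post above, as an added example that is not part of the original post: an Apache 2.4 reverse proxy with a name-based SSL virtual host, HTTP basic authentication and a catch-all host that refuses every other hostname. The internal address `192.168.1.10`, the certificate paths and the password file path are assumed placeholders, and the router is assumed to forward port 443 to the Apache machine instead of to Homeseer.

```apache
# Added example, Apache 2.4 syntax. All paths and the backend address are placeholders.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic, mod_authn_file, mod_authz_user.

# Catch-all: the first virtual host defined for a port is the default one,
# so requests for the bare IP address or an unknown hostname end up here.
<VirtualHost *:443>
    ServerName default.invalid
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/placeholder.crt
    SSLCertificateKeyFile /etc/apache2/ssl/placeholder.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# The only entrance to Homeseer: reached by hostname, over SSL, after basic auth.
<VirtualHost *:443>
    ServerName homeseersecretserver.yourdomain.com
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/placeholder.crt
    SSLCertificateKeyFile /etc/apache2/ssl/placeholder.key

    # Reverse proxy only; never act as a forward proxy for arbitrary URLs.
    ProxyRequests Off
    ProxyPreserveHost On

    <Location "/">
        # Authentication is checked by Apache before anything is proxied.
        AuthType Basic
        AuthName "Restricted"
        AuthBasicProvider file
        # Create with: htpasswd -c /etc/apache2/htpasswd-homeseer <username>
        AuthUserFile /etc/apache2/htpasswd-homeseer
        Require valid-user

        ProxyPass        "http://192.168.1.10:80/"
        ProxyPassReverse "http://192.168.1.10:80/"
    </Location>

    # Failed logins show up here as 401 responses with the client address.
    ErrorLog  /var/log/apache2/homeseer_error.log
    CustomLog /var/log/apache2/homeseer_access.log combined
</VirtualHost>
```

The hostname travels in the clear in the TLS handshake and in the certificate, so it filters out scanners that connect by IP address but is not a secret; the password and SSL do the actual protecting.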
AshaiRey
Senior Member
Posts: 1310
Joined: Mon Feb 02, 2009 5:27 pm
Location: Netherlands

Re: Webserver security software

Post by AshaiRey »

First ask yourself, 'Do I need my domotica server to be connected directly to the internet?'
If yes, then does it also need inbound traffic? Often it doesn't. It's only the case when you want to control your home while not at home.
So you have to be sure that it's you and only you that's calling in.
Things to control this are:

- VPNs
- Port forwarding on your firewall.
- Allowing only known IP addresses and MAC numbers
- SSL encryption.
- Time frames and access windows (dropping the connection after a minute).
- Prevent giving commands to your home system via email, phone commands, Twitter, Skype and such.

Just to name a few.
Bram
Post-IT
Member
Posts: 448
Joined: Sat Feb 28, 2009 12:01 am
Location: Netherlands (Rotterdam)

Re: Webserver security software

Post by Post-IT »

If you decide to keep your server publicly available after carefully looking into the things mentioned above, you have several options:

- IPSEC VPN, takes some extra work to set up on the remote location, so not handy when using several computers
- SSL VPN, extra work on the home side but is easy on the client configuration
- changing the port number will not change the risk or enforce security, it will only help you keep out of the spotlight of regular port 80 and 443 scanners
- using a firewall, restricting source IP addresses. You can use a software firewall on Windows, but most ADSL routers support more specific firewalling. Juniper/Netscreen can even insert an authentication step for HTTP pages
- I'm not sure how the Homeseer webserver works, but you might also be able to use client-side certificates (your client will have to present a certificate to authenticate instead of username/password).

I personally use an IPSEC VPN on my iPhone and don't use any webserver which is publicly available.
Rutger
Member
Posts: 339
Joined: Wed May 19, 2010 8:48 pm
Location: Netherlands

Re: Webserver security software

Post by Rutger »

Thanks for all the ideas. A lot of stuff to think about. At the moment IP address blocking is the best option. VPN is not always an option, especially at work. After approx. 6 months VPN is an option with my new phone.
My home automation blog: https://rutg3r.com