Hi All, I 've setup a Rasp Pi home-based webserver, running Node js and Ghost (blogging platfo...

[G+_Darryl Gibbs]

Hi All,

 

I've setup a Rasp Pi home-based webserver, running Node.js and Ghost (blogging platform), and everything is running well.

 

But..

 

When any user accesses the site, when you go to a link it says (in the bottom corner of the browser) my actual home IP address, and not my domain name!  for example it says: 201.xx.xxx.xx/ghost... and not :my-domain.com/ghost.

 

I called my domain registrar, Hover.com, and asked for advice to mask it, and they say this is normally done with A-records, but I don't have these as its a home system.

 

Can anybody guide me in this??  Please??

[G+_Luke Militello]

I wouldn't worry about it. If you run a web server, a simple DNS lookup such as 'dig a my.domain.com' will give away your IP address anyway. When you advertise services to the Internet, they need your IP address in order to reach you. We only use DNS because humans generally remember strings of letters better than numbers. Regardless, I always find it funny when people worry about giving out their IP address. Trying to hide your IP address and still have people reach you is like telling someone to give you a call and not letting them have your phone number. The best you can do is keep things secure and an eye on your traffic; i.e. close all other ports you don't have legit services on. A NAT router can protect things like this unless you forward other ports or use DMZ. An IDS is better since they can do DPI.?

[G+_Darryl Gibbs]

Thanks Luke.  This server is literally only hosting a blog.  Maybe a silly question, but by having this the way it is (even it was letters) I'm making it easier to hack?  Any kind of safeguards I can look into?

 

Sorry but I'm a newbie to this server/hosting stuff

[G+_Luke Militello]

I guess I should ask the obvious though, who handles the DNS zone records for your domain?

[G+_Darryl Gibbs]

them I guess.  I supplied them only with my IP address.  I haven't given them ANY DNS info from my side.  Anything I should know here??

[G+_Luke Militello]

Normally a registrar will just park your domain using their DNS servers and you either have to create an 'A' record with them on their DNS or change DNS control to a third party DNS. They didn't happen create a DNS glue record pointing towards your IP did they? If they did, it would mean that your IP is also acting as the authoritative DNS server for your domain. What is your actual domain anyway? I can do a couple commands for you and see what is up.

[G+_Luke Militello]

I will say this, anyone capable of hacking you is surely capable of finding your IP from a DNS record. Regardless, they can just hack using the domain name and DNS will resolve it anyhow. It's all about security really and being smarter than "the other guy". :)

[G+_Darryl Gibbs]

ha ha..fair enough! :)

 

any tips on security from my side? software or something?

[G+_Luke Militello]

Having your domain display offers a few things though, brand recognition as well as constancy. Should your IP ever change, you can just update the DNS record and the change would be seamless to your users.

[G+_Luke Militello]

Well, if you want to go the IDS route, have you seen the episode with ITUS Networks and the iGaurdian? It's designed for home users, so I am not sure how it handles, initially, unsolicited web traffic. If you are behind a NAT and only have port 80 forwarded to your Rasp-Pi, it boils down to hardening the web server and making sure you don't have any vulnerabilities. The being said, making sure your NAT router has up to date firmware and nothing else is "exposed" to the WAN is a good idea also. I myself use enterprise rated gear and have never used DD-WRT, however being a *NIX based system, I would like to think it can run an IDS on it; such as Snort -- worth a look regardless. Perhaps that would be better clarified from someone that has experience with DD-WRT.

 

http://www.snort.org

[G+_Darryl Gibbs]

My setup is the pi only.. I'll check it out! Thanks Luke!