Originally published at: http://www.howtogeek.com/177129/beginner-geek-how-to-host-your-own-website-on-windows-wamp/
Hosting your own website doesn’t have to cost a monthly fee or require a lot of technical knowledge to setup. If you just need to host a small website that will only have a few visitors, you can turn your Windows PC into a WAMP server.
Good guide, bad sample markup. You didn't even specify a DOCTYPE or a character set. Not the best way to write HTML, really.
As this article is aimed at beginners, I'm surprised it doesn't mention anything about common security concerns associated with "putting your site online."
HTML doesn't require anything but an HTML tag and a BODY tag. Why add stuff that's not necessary, especially when introducing the topic to people who've probably never even done a View Source in Internet Explorer?
Aside from that: I've always believed that you should code the minimum required to achieve the desired result; if you are not using any advanced features of the browser, you're just transferring redundant data over the wire - increasing the overhead and extending the transfer time.
And let's not forget that you should never host a public web server on your home PC. You WILL get hacked and every computer in your house WILL be pwned.
If you want to host a home web server, set up a dedicated computer outside your firewall. It doesn't have to be a big one; a netbook or nettop will do. You could even use a Raspberry Pi.
Where a WAMP stack is handy is for hosting stuff for family members or for learning the basics of web site development. Forwarding port 80 to your inside network is something you should never do.
As the title of the sample markup would imply (PHP Test) it was merely some simple bare-bones code to check whether or not everything is setup correctly and functional. Anyone hosting their own site with this method likely knows how to code HTML/PHP or is using a CMS that does it for them, so including excess markup in this case would only serve to clutter the example.
Anytime you open your home network there's undoubtedly a security risk. This tutorial was mainly targeted to those needing to test some code or do HTML/PHP development. Apart from that, this guide would be good for serving up a website to a few visitors here and there. There are quite a few measures that can be taken to secure Apache further, but I feel that would be irrelevant unless someone is running a "serious" website, in which case they don't need this article and should just buy professional hosting for 10 bucks a month.
The article tells people to port-forward port 80. It doesn't matter whether you're doing "serious" work or just have a "hello world" page there. The danger is in having an open www port in the first place. As soon as someone figures out how to exploit the version of Apache in that WAMP build, your computer is pwned.
Opening common ports straight to a home PC is a bad security practice, and HTG should not be telling people to do this. At the very least, they should explain how to set up a proper DMZ and isolate their web server.
Anyone willing to go through setting up a DMZ would be better off paying a couple of bucks and getting professional hosting, it simply wouldn't be worth the hassle, and dedicating a PC to nothing but serving up a website would cost you in electricity what it costs to have it hosted somewhere.
If anyone is that paranoid, there are some common steps to secure Apache that have been done to death on all sorts of tech websites - Filtering by IP, running on a different port, requiring a login, etc etc.
I definitely see your point and I actually agree with you but I think for someone that just needs to share out a bit of web content with select people every once in a while, this is the most reasonable solution. I think the disclaimer that's already on the article "Before we proceed, please understand that hosting a website on an everyday PC and a consumer-grade internet connection is not recommended for anything beyond testing purposes and/or hosting a small website for a few visitors." should be enough to make people aware of this methods shortcomings. If nothing else, I'm sure a lot of geeks have always wanted to see what hosting your own web server entails.
Anyway, thanks for your posts and input!
Who cares if their simple server gets hacked, just re-image the machine.
Everyone thinks they have the most secret content and important server on the net. (LOL) (LOL)
@wilsontp @korbinbrown Yes, most people may already know how to write good HTML, but there may be some who just Google “make your own website” and find this, use the sample markup to make a larger project, and then wonder why the hell their website looks different in IE, Firefox and Chrome.
Sure, it may reduce data transfer, but if a few bytes of data can make a difference in how the page looks in general, I think those bytes are well used.
Just as a general remark when using WAMP and also having Skype installed, Skype will hog the port 80 if it starts first, making WAMP server unable to start. If your WAMP icon in system tray is orange and you can't figure out why it will not start, try closing Skype or other software first. I struggled for an hour before finding the reason the first time. Hope this help the unlucky ones.
If your worried about port forwarding, use Hamachi!
@korbinbrown The problem with your point of view is that it assumes two precepts which are not valid.
1] That everyone with a computer has the funds to operate additional expenses. Given the number of personal computer sales over the last four decades and the average earnings of computer owners [I'm not going to cite, the information's out there if you want it] there is a significant portion who might feel "ten bucks a month" is a bit of a crunch; especially when you consider that these people might have other things going on in their lives besides Hosting their own website which might also be costing "10 bucks a month".
2] You do not take into account the enormity of "search-related" information that pours off the web. Not everyone reading these articles are geeks or hacks. The greatest percentage of web-searching for information is not done by the knowledgeable, rather by people seeking quick answers and quicker results. They don't do a lot of research for their information, rather they rely on the "knowledge" of the person(s) who write the articles they read. These searchers are not looking for color, they are looking for the play-by-play. They skim the data to find the specific how-tos, not the cautionary statements.
With these two things in mind, I have to agree with wilsontp. The port-forwarding of port 80 is a bad idea. And while I agree that the markup is neither here nor there, your response to NSDCars5 is equally short-sighted. Given the amount of introductory material you give on WAMP, you acknowledge that the reader should be but do not require that they are, versed in the three aspects of the AMP.
Your opening statement...
"Hosting your own website doesn’t have to cost a monthly fee or require a lot of technical knowledge to setup. If you just need to host a small website that will only have a few visitors, you can turn your Windows PC into a WAMP server."
... is a reassurance that the method is simple and inexpensive. Pointing out the ability to elliminate the "monthly fee" supports my first point.
Your improper use of bold headings (being the only evidence of a new chain of thought) makes your cautionary statement...
"Before we proceed, please understand that hosting a website on an everyday PC and a consumer-grade internet connection is not recommended for anything beyond testing purposes and/or hosting a small website for a few visitors. Remember, the next time Windows Update needs to restart your system, your website goes down along with it – not an ideal situation for a serious website."
... seem a continuation of your comments on PHP. This validates my second point.
How to Geek is available to the general populace. With this in mind, it's articles should be written with geeks, newcomers, and casual perusers in mind. Technical writers are almost as bad as politicians when it comes to writing something understandable to the uninformed. In the current stage of the Age of Information, it is evident, and must be understood by every writer, that you can no longer "preach to the choir". You must consider the uninformed to be a greater part of you audience than the informed.
1] 10 bucks a month is on the high-end actually. Godaddy has unlimited storage and bandwidth for only 5, and I'm sure you can find it cheaper than that somewhere else. If they can't afford 5 bucks but can somehow afford the electricity required to power their computer 24/7, then this guide will work fine for them.
It's not as simple as, "An exploit is found for Apache, all the computers running Apache get hacked!" The majority of web servers run Apache. I've ran AMP 24/7 since 2008 and have never had an issue. That doesn't mean no one will, but I don't think a debate like the one in this thread is really worth it over something that will probably never happen anyway. Especially if they take the disclaimer's advice and only host a small site for a few visitors - their chance of being targeted decreases even further.
2] If you say forwarding port 80 is a bad idea, what do you suggest then? Keeping quiet about WAMP's just because of the small security risk? Doing anything on the internet is a security risk.
In the end, the article does exactly what I wanted it to. It shows you a free way to host a website on Windows. If you're not satisfied with that, then pay 5 bucks to have a team of professionals do it for you. I'm not trying to be rude, I just can't seem to grasp what you guys expect out of it.
Ok, don't get defensive, I was merely pointing out the validity of the statements the others made. But it seems that the only true issue is the risk of using 80. There are a lot of questions about the security of port 80 when you get down to it. But as it is, it's only one of 4096 "listeners".
One of the problems is that it is the most commonly used listener Some 50-65% of all web applications and traffic use port 80. It's not, however, as vulnerable as some people think. On the other hand, it is more vulnerable than other people think. But servers use 80 and that's the rub. How can we get off 80? It would be nice if there were other ports that could be used for a server. I don't have an answer to that. So we need someone who does.
You are, of course, correct about the overall risks involved with using you computer for anything more than a word processor.
Didn't mean to get you riled, it was, for the most part, a good article. But then, every article can be torn to shreds given enough time to pick at it.
All in all, well done. Sorry if I came across a bit harsh.
@korbinbrown all I am saying is that if you're setting up a web server that can be accessed from the public Internet, you should use a second subnet, also known as a DMZ, and you should not use a computer you use for your daily tasks. Hosting an internal web site is not a problem; it's just when you start forwarding www ports to your desktops that you run in to trouble.
@static, my problem isn't with port 80 per se. It's forwarding ANY port to a web server. 80 just happens to be the most common one and the one most likely to be attacked.
I'm just saying that I'd hate for someone's Windows box to get hacked and the victim blame you guys because he read an article that tells you how to open up your network without addressing any of the security concerns of doing so.
@static Don't worry, I wasn't offended/mad or anything like that, just wanted to debate with you guys about the security of this. I appreciate your posts and input.
@wilsontp Yeah, I'm going to add "How to Secure an Apache Web Server" to my list of article ideas. I can definitely see the need for more attention to security when it comes to this, so thanks for bringing it up.
This topic was automatically closed after 10 days. New replies are no longer allowed.