Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 Security question
Google
Post new topic Reply to topic
Author Message
Costaud
 
 


Joined: 10 Feb 2007
Posts: 1

PostPosted: Sat Feb 10, 2007 12:19 pm Reply with quoteBack to top

Hello,

I'm wondering if installing Apach2Triad will make my PC a server that anyone can access it?!

I just want it as a personal server (localhost), to test my scripts locally.

Please advise.
View user's profileSend private messageSend e-mail
lku homer
 
 


Joined: 29 May 2006
Posts: 104

PostPosted: Sat Feb 10, 2007 5:34 pm Reply with quoteBack to top

No, just installing A2T will not automatically open up your computer for the world to see. The default install doesn't open automatically set your "server" as open, in fact if you look around, most people can't get it to open up even when they are trying to.

As long as you don't open up your firewall to the outside, you server will not be able to be accessed by anyone outside your localhost.
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
gizmo7
 
 


Joined: 16 Apr 2007
Posts: 7

PostPosted: Mon Apr 16, 2007 5:24 pm Reply with quoteBack to top

I'm having the same question...does someone here know the answer?

You see I run a few sites, and one of them is a blog. Now I'm new to the blog community, but I did join MyBlogLog, and here I forgot and I placed their tracking js code on my test (mirror) site on my PC. This is all just for tests, nothing more, as in customizing the look and feel or testing whether a plugin works...for my WordPress site.

So anyway,

I realized something was not right when looking at my stats inside MyBlogLog (if you guys are bloggers and part of the community there, you'll know what I mean...) I could see a link to my http://localhost/mysitename under my MBL stats panel

and the views showed 14 views to be precise. I dont know whether the 14 views were my own or not, but obviously not...when I clicked the link, and behold...it connected to my localhost test site!!

Can you believe that?

So, I deleted the entire Apache2Triad and every folder in there, and now I am really NOT sure whether http://localhost/mytestsite cannot be accessed by outsiders...my experience shows it can...

So, if anyone can find the time (and be so kind), please explain to me, how I set A2T again and not have it accesible to anyone but myself??

Thank you Sad

P.S: Forgot to mention, but I noticed before that google Ads can run on my localhost sites and (have the precise targetting to boot), so that means google staff could also access my test sites all this while, am I right? Rolling Eyes
View user's profileSend private message
lku homer
 
 


Joined: 29 May 2006
Posts: 104

PostPosted: Mon Apr 16, 2007 6:21 pm Reply with quoteBack to top

No one should be able to access your localhost. Ever.

But anyway, you can have each VHost on a different ListenPort. From there you can open up only the ports that you want the public to access. That should be all you need to do. I am not 100% on this since I have never had to deal with it.
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
gizmo7
 
 


Joined: 16 Apr 2007
Posts: 7

PostPosted: Tue Apr 17, 2007 12:33 pm Reply with quoteBack to top

Quote:
No one should be able to access your localhost. Ever.


I thought so too...but that was before I could actually click on the link and my localhost site opens up. Not only that, when I deleted the folder the localhost site was under, the http://localhost/ showed all the other directories in the root !!

Shocked

I really hope others can chime in,if you dont believe me, why not connect to the internet using an open relay port, (the one that gives you dynamic IPs everytime...maybe your ISP is like that)...I hope I am sounding correct, since I don't understand server talk...and then create an account on MyBlogLog, and create a localhostsite and then place their JS code on your script, use a Wordpress install.

You will see your link appear there in your stats on MyBlogLog, and you CAN connect to your localhost site just by clicking that link.

I am very concerned about what this means, I could be wrong...
View user's profileSend private message
lku homer
 
 


Joined: 29 May 2006
Posts: 104

PostPosted: Tue Apr 17, 2007 2:43 pm Reply with quoteBack to top

If you open up http://localhost/site on your browser, you will get your site. If I open http://localhost/site in my browser, I will get my site. Under no circumstance will I be able to type in http://localhost/site will I be able to get your site. It is not possible for me to get a localhost that is on your server.
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
gizmo7
 
 


Joined: 16 Apr 2007
Posts: 7

PostPosted: Wed Apr 18, 2007 12:29 pm Reply with quoteBack to top

Thanks for the enlightenment, Iku....

But just wondering about the MyBlogLog incident, and the fact there were 14 views listed for that http://localhost/mysite link...in my stats control panel over there at MyBlogLog....

I'm still wondering if MyBlogLog staff could actually peer in considering, I embedded their JS tracking code (to track MyBlogLog) visitors in my test site.

Sorry, if I'm fuzzy on this...server lingo has me all blur.
View user's profileSend private message
lku homer
 
 


Joined: 29 May 2006
Posts: 104

PostPosted: Wed Apr 18, 2007 12:35 pm Reply with quoteBack to top

No, it is not possible for someone else to view your localhost. The js you put on your localhost site can send information out, but it is not possible for anything to go into it.
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
gizmo7
 
 


Joined: 16 Apr 2007
Posts: 7

PostPosted: Thu Apr 19, 2007 5:06 am Reply with quoteBack to top

Just an update:

I sent MyBlogLog an email regarding my concerns about the localhost link in my stats and I just received an email reply from them (18 April):

My original email to them:

Quote:
Hello MBL,

I have a question I need to ask you. I use my localhost extensively for code testing, and what works or what doesnt work can be corrected fast.

But, the problem is, now when people view my profile, they can see my URL to my localhost and actually connect to my PC from the URL. I have yet to find out a way to make my PC a private server, so in the meantime, it goes without saying its not secure, right?

In future, I hope that a work around can be found for this, so that my localhost site doesnt get bunched up in my stats for everyone to see. I think it's better to disallow this URL stats viewing altogether....do let me know your say


Their reply:



Quote:
Hi to (me),



This has been suggested in the past and we’ll be working to exclude localhost urls from appearing in your stats in the not too distant future.



Thank you for the suggestion!


From their email, it sounds as if they (MBL staff) or anyone could actually see a localhost site... Surprised

If they couldn't, they would have said so? At the time I emailed them, I was under the impression that my localhost was accessible. Their reply didnt say it wasnt.

Comments, anyone?
View user's profileSend private message
lku homer
 
 


Joined: 29 May 2006
Posts: 104

PostPosted: Fri Apr 20, 2007 3:32 am Reply with quoteBack to top

No. They cannot see your localhost. They want to take the localhost away. The easy way to do it is to take the JS off the localhost site.
View user's profileSend private messageAIM AddressYahoo MessengerMSN MessengerICQ Number
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT