I have set up a small raspberry pi home automation from scratch along with some ipcams to surveil my house.
All those are controlled by a small webpage (with relay switches and video feeds) i have set up that works very well within my home network.
I was thinking of setting up a dyndns account (as i dont have a static ip) in order to be able to access all those things remotely through 4G.
Obviously i dont just want to point an open port to my web page and just make it accessible online.
How to i make this secure? Here are my thoughts:
Do i set up a quick Joomla! site inside my network that ill have to log in every time? (or something similar - im just familiar with Joomla!)
Is there some way to password protect the website with .htaccess? Is it safe? could you point me out to a guide?
Is there some way to restrict access only to my cellphone's 4G mac address?
Is there some way to set up some vpn or other "tunnel" between my phone and home? (I wouldnt want it to apply to all my phone's traffic though)
Do i have this all wrong and there's some other awesome way to do what i need?
Please keep in mind that i would appreciate simplicity and ease of connection every time ill access the website. ie. i wouldnt want to log in every time i need to open my garage while driving near the house.
Lastly i was thinking of posting this in some other stack subforum but i ended up here, if you think there is some more suitable community please let me know.
Thanks in advance
Password protect it. However, hackers can hack the IP cameras. Find vulnerabilities in the software and patch them. Port forwarding to IP cameras should be safe. You can use Hamachi for a tunnel but it requires you to have a computer. You can restrict access by IP address. There will be guides on the Internet. Google is the best option for you.
Related
Say, I want to have code and db backups? Where should I store them so that if a hacker hacked my site and have access to php and mysql I could restore them. Local server does not fit. Considering third-party services (DB, Google drive) a hacker would have success to them in case he hackes a server. If you could suggest where to store third-party API credential so that a hacker could not access them I would appreciate that.
But beside that is there a way to make and store backups by a server in a safe place (so that hacker could not get them)? As I see the only way is to make backups by outer services: from another server. I could do it from my computer. But it is a wrong solution. After I finished a project I should not have access to it. And in general It is not the best solution to rely on my computer at all.
I could not find anything worth in the internet. Is there a way to securely manage backups only from a (one) working server?
Long time reader first time asker, if my question is silly or missing info or miss titled lemme know and I'll fix it.
Okay, so I'm working at a community center for the next 8 weeks as a tech help assistant, I'm also a CS student.
They have a web application that is quite old running locally on an iis server (version 7). It's for keeping track of their members, events and registration It's written in asp.net and is using and Access database. They also have a wordpress website (php, mysql, apache) for advertising events and sharing information about what's going on in the community.
What they would like is to link their wordpress to the local application. I've been racking my brain about if this is even possible or not. I'm leaning towards not possible because the local application and shouldn't be outward facing as it has sensitive data on it and was not designed to be secure in the face of would-be hackers.
The only solution that I could think of is create a "walled off" section of the computer hosting the local application. Also an outward facing port that accepts incoming data from the wordpress site that is then passed onto the access database as an update (increasing a counter for the amount of people registered to a program). It needs to be possible for a file to have some kind of global (from the web) executable permissions and have all the other files on the localhost computer locked down from this global permission.
We would also need to be able to get 2 boolean values from the local app for the wordpress site. This is for if the program/camp/whatever is full and if the update was unsuccessful in the event of something going wrong. I'm just not sure if something like that is even possible and where to start with that. The most important thing is that it's secure.
If a secure API could work I have time to create something like that.
I don't have enough time to upgrade their local system to make it safe enough to be online because I have to run tech help sessions. I know that is the most realistic option.
Thanks very much
What they would like is to link their wordpress to the local
application. I've been racking my brain about if this is even possible
or not. I'm leaning towards not possible because the local application
and shouldn't be outward facing as it has sensitive data on it and was
not designed to be secure in the face of would-be hackers.
I think you've hit the nail on the head right there. It looks like you have a decent understanding of the situation but not of their internal app. The fact is that it's hard to scope something like this without getting in and getting details. Step 1 would be to see if you can talk to whoever it is that built the thing and get their feedback. It might be secure enough to expose some sort of connection.
Really there's not enough information here to determine a good answer, and you should be wary of anyone that says it's secure. There are a ton of factors that go into web security.
You might be able to throw together a basic RESTful API with authentication to send only to the wordpress site's IP. But if it's sharing the IP that information can be consumed by third parties so you'll have to decide if that is an okay risk.
I wouldn't try and expose everything and partition with apache. A basic RESTful API with authentication would be best at first glance IMO. That way you only show consumable data and limit what can be used.
Can anyone share me any idea (free) that I can make my Laravel Application (costumer website) usable to only single IP or domain?
After I host the application into my client's end, I want my code to be secured from being used again for other projects.
I want to prevent my client from re-publish my code
for example: remote confirmed from my web service for Client IP (costumer website)
After I host the application into my client's end, I want my code to be secured from being used again for other projects.
What you're looking for is a legal protection, not a technological one.
This is related to the "problem" of client authenticity in that you cannot generally control the contents of the computer that's communicating with you. Any copy-protection mechanisms you install will be trivially bypassed. (I work with cryptography; I've seen a lot of attempts to be clever, and none of them have ever stopped me from bypassing or disabling them.)
Can anyone share me any idea (free) that I can make my Laravel Application (costumer website) usable to only single IP or domain?
The way that's worded sounds like you're asking StackOverflow to give you free work (or point you to a free alternative to snakeoil solutions like ionCube) which is not what this website is for.
I'm making an web application, it's a kind of online shop using PHP, jQuery, AJAX and JavaScript.
I want to launch my site on only one PC on local host. How should I set my site so that it only runs on my single PC?
Even if anybody copy my code files and database files to his/her own PC it should not run on their PC. How to do this?
The one way I know is by using the IP address. but I not quite sure about this method works or not.
If someone gains access to your source code then there is nothing that you can do to stop them.
When hosting it on your own you can prevent external access but beyond that there is nothing you can do.
You can use an encoder script to encrypt your source code, and some of these come with an ability to lock down to MAC address. I think they are all commercial solutions, though; start with IonCube and SourceGuardian. Zend might have something as well.
I would imagine each of these solutions would have comprehensive tutorials on their respective sites. Your workflow is basically to check out a copy of your source code from version control, and encode that folder as part of your build process.
Technically, encrypted code can be reverse-engineered, since the encryption key is built into the code. However, it is a lot of work for someone to do so, and even if they decode it, they won't have your comments or your meaningful variable/method/class names.
Make sure no one gains access to that PC (where your application resides). Only in that case you can protect your application from being run by unauthorized person. Once you take this security measure then you can easily disable your application from being accessed from any other LAN computers by using your IP. This is how professional servers works so should you.
You can change the webserver binding to localhost 127.0.0.1 only.
Alternative way you can create a filter rule that the server only accepts remote from localhost/127.0.0.1
With apache you can do this by .htaccess or directory/server rules.
When you want to share that code, you need to encrypt it with zend-guard or equal tools. there is also some licence management inside it, where you can bind licences to machines.
Hello guys.
I think it isn't possible just using PHP, but just to be sure.
Is it possible for PHP to know if the
user is accessing the web from behind
a Router?
And if yes, how can i get some
information about that router, like:
Router Name, Brand, Serial Number, ...
Users connected in the same network.
Can PHP also find the Local IP
Address for the visitor in that
Network?
A few simple questions. To which i haven't found a solid answer, and i tough that some PHP genius could tell me. And teach me.
Thanks for your help.
EDIT: Motives for this privacy invasive question
I didn't thought that i had to say this... But i guess i do
I was writing a couple functions that would get the browser preferred languages and finding out from which Country the user comes based on the IP, to deliver my website content in the right language to the visitor.
Then i started to think, most people browse from behind the router, can i find out if they are indeed?
Then it just came to my mind to do one of those simple programs that display network details, people connected on your network. My idea was to do that, but Web App Based not Desktop App Based as all other programs of this kind.
I appreciate privacy above everything as most developers do, so i kind of understand the Down Votes, i would probably Down Vote myself.
I'm sorry if you misjudge me due to my weird question, i have nothing to do so.. These things just popped up on my head.
First, are you talking about finding out information about users visiting your website? Keep in mind that this implies an intrusion into their privacy (you can try it with yourself though ;))
Is it possible for PHP to know if the user is accessing the web from behind a Router?
No you cannot. Only when you know that e.g. you have a lot visitors from one company and they all have the same IP address, they might be behind a router but it could also be a proxy.
And if yes, how can i get some information about that router, like:
Router Name, Brand, Serial Number, ...
If you have the IP you might be able to discover various things about a host with tools such as nmap. You might be able to find out the brand of a router and host system but definitely not serial number and such stuff. nmap is not PHP though.
Note: The use of such tools without permission to do so is illegal in some countries. In any way, the use of such tools without permission is morally questionable .
Users connected in the same network.
As I mentioned in the first question, if you have different users with the same IP address they might be in the same network. They could also be in different sub-networks. Anyway you cannot get their local IP addresses.
Can PHP also find the Local IP Address for the visitor in that Network?
See previous answer.
You see, everything is very vague and mostly based on assumptions. You cannot get reliable information and I am very glad that we are not totally transparent yet.
Once we all use IPv6, the whole story is a different one.
I have no idea what you're trying to do, but it worries me a little.
So I'm glad that (as you suspected) it's not possible.
All the details you're asking about is information that there's no reason for anyone outside the local network to need, it would be a huge security problem if a router was broadcasting this to the world.
It is not possible, by the design of the network protocols.
However, some routers uses special builds of PHP in its admin control panels.