Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

Consider the costs of hosting your church website from the church office.

Just because your church can afford a small business DSL connection with a dedicated IP address doesn’t necessarily qualify you to run your church’s website from the church basement. There are many security issues that can and will compromise both your church’s web presence and/or your member’s confidential data if you’re not capable and willing to take the pains to lock-down your systems. In other words, it might be worth the $7.95 a month it costs these days to let someone else do the hosting for you.

For which of you, desiring to build a tower, does not first sit down and count the cost, whether he has enough to complete it? – Luke 14:28

The Scenario
You join a church in a relatively affluent suburban neighborhood. In turn, your church office can afford something along the lines of a Verizon small business DSL account to handle all their Internet needs, which also includes the blessing of a dedicated IP address. As a result, you decide to offset the money spent on Internet access by hosting your church’s website on a donated Pentium class machine using the Apache web server running on some variant Red Hat Linux.

Cool beans, you’ve cut some overhead costs and now have the advantage of being able to physically access your machine. Of course, physical access is a two-way street, as it also means some neer-do-well can walk away with all your work, your data and passwords. Similarly, unless you take steps to segregate your network, that is unless you put some sort of wall between the computer that hosts your website and the computers on rest of the church office network, you’re also exposing all of your church’s sensitive data to a host of nefarious network attacks.

Ignorance != Bliss
These are just few of many security issues you take on when you host on your own. If ignorance is bliss, then definitely do not read anything from the Hacking Exposed series unless you’re ready to spend a weekend or three doing what they say. Advice I suggest regardless of whether you’re running Linux/Apache or Windows Server 2003.

Another cost to consider is maintenance. Installing a firewall and/or rolling your own IPTables configuration on your server is just the beginning of securing your church’s web server. At some point you’re going to get probed and/or attacked. What do you do when your LogWatch cron job emails you the following?

Dropped 6 packets on interface eth0
From 61.131.58.194 – 3 packets
To 123.456.789.000 – 3 packets
Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) – 3 packets
From 62.112.174.18 – 3 packets
To 123.456.789.000 – 3 packets
Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) – 3 packets

Or how about this potential ‘Active System Attack‘ I enjoyed thwarting this morning on a dedicated server I manage?

9 Time(s): attackalert: Connect from host: ns1.et.pku.edu.cn/162.105.142.3 to TCP port: 111
4 Time(s): attackalert: Connect from host: ns1.gse.pku.edu.cn/162.105.142.3 to TCP port: 111
3 Time(s): attackalert: Connect from host: oldcpq.hedu.pku.edu.cn/162.105.142.3 to TCP port: 111
2 Time(s): attackalert: Connect from host: v480.gse.pku.edu.cn/162.105.142.3 to TCP port: 111

Penny-wise vs. Pound Foolish
The point is, unless you’ve got the networking, operating system and security chops to make a ready defense, then it may be more cost effective to let someone else host your site so you can keep your hands full of managing the compelling content aspect of your church or charity’s website.

2 Comments

  1. David over at http://www.christianasp.net is offering free ASP.NET hosting for church web sites. Very cool deal. So, if someone is considering the aforementioned idea, this would be a good alternative if a Windows host with the .NET framework would be acceptable for your church.

  2. Since you mentioned Verison DSL (g), I called yesterday to see if they’d hook us up with a residential-priced connection on our church line…

    While they wouldn’t do that, they did offer us a $39.95/month connection(1.5/128k?)–no free months, etc., and the setup and dsl modem fee’s rebated. Thirty-day guarantee, nine-month committment.

    The gentleman I spoke with at Verizon was Lavoris at 888-267-3987 ext. 7166.

    Might be one of the best deals for churches that just want to surf/e-mail and lose the dial-up.

    -Frank

    P.S.,

    Staples.com is running a $50 rebate promo for multiple broadband provders… might be worth trying to get the Verison residential plan + goodies through them… the worst that can happen is they’ll reject the order.