Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

How to secure your church’s dedicated Linux server

This post is dedicated to all of you running your church’s website in the choir robe closet, or who have been graced with a generous and geeky member who has taken advantage of one of those cheap, unmanaged dedicated server deals advertised at places like WebHostingTalk:

As the author plainly states, “This list is not comprehensive, nor does [he] take any responsibility for any harm that may come to your server if you use any of these commands.”

Emphasis mine, that said, I found this a very good “quick reference” for those of you thinking about running or leasing your own Linux/Apache server. Especially for those blissfully ignorant enough to think it can be done simply by installing ubuntu on an old machine some donated as a tax-write off.

Using Richy’s sobering tips, I went out and found how-to articles on each of these “dedicated Linux server for dummies” points – just so you could realize just how much work goes into “hardening Linux servers for dummies:”

Now if this hasn’t scared you out of running your own server in the basement of your church or charity (and I’m hoping it does), then may suggest, rather … I COMMAND YOU to go buy and then read “Hacking Linux Exposed” before you take the dive.

Seriously, consider the costs of trying to save money by running a box out of an unused closet or corner of your church. It may be more expensive in time and lost off data than you think. At least think of all the work that goes into hardening Linux web servers these days.

How ’bout some of you other pros out there? I’m sure I’ve missed something. Leave a comment, we’ll add to the list.

One Comment

  1. Two other things:

    Keep your CMS (content management system) up to date as well. WordPress for example released a major security update earlier this week, version 2.3.2 had a major issue in it. (hint hint)

    Make backups of your datafiles. What is the church burns down, gets burglarized? Or if someone accidentally unplugs the server and the hard drive gets zapped? A backup system will let you get up and running much more quickly than having to re-enter all the data. My church’s site’s database got corrupted last Fall, so most of our site is still gone, probably forever.