Bedside hosting: the creepy practice of home hosting

“Bedside” hosting is a slang name for a server located in an ordinary residential apartment and connected to a home Internet connection. Such servers usually hosted a public FTP server, the owner’s home page and sometimes even full hosting for other projects. The phenomenon was common in the early days of affordable home Internet over a dedicated line, when renting a dedicated server in a data center was too expensive, and virtual servers were not yet common or convenient enough.

Most often, an old computer was set aside as the “bedside” server, and every hard drive that could be found was installed in it. It could also act as a home router and firewall. Every self-respecting telecom employee had such a server at home.

With the advent of affordable cloud services, home servers have become less popular, and today the maximum that can be found in residential apartments is a NAS for storing photo albums, movies and backups.

The article discusses curious cases related to home servers and the problems that their administrators encounter. Let’s see how this phenomenon looks today and choose what interesting things can be hosted on your bedside server today.

Home network servers in Novaya Kakhovka. Photo from nag.ru

The correct IP address

The main requirement for a home server was a real IP address, that is, one routable from the Internet. Many providers did not offer such a service to individuals, and it had to be obtained by special arrangement. Often, the provider required a separate contract for a dedicated IP. Sometimes the procedure even involved creating a separate NIC handle for the owner, as a result of which his name and home address were directly accessible using the whois command. Here it was necessary to be careful when arguing on the Internet, as the joke about “calculate by IP” ceased to be a joke. By the way, not so long ago there was a scandal with the provider Akado, which decided to publish the personal information of all its clients in whois.

Permanent IP address vs DynDNS

If you managed to get a permanent IP address, you could simply point all your domain names at it and forget about it, but that was not always possible. Many large federal-level ADSL providers gave customers a real IP address only for the duration of the session, that is, it could change once a day, or whenever the modem rebooted or the connection was lost. In this case, Dyn (dynamic) DNS services came to the rescue. The most popular service, Dyn.com, which was free for a long time, made it possible to get a subdomain in the *.dyndns.org zone that could be updated quickly when the IP address changed. A special client-side script constantly polled the DynDNS server, and if the client's outgoing address changed, the new address was immediately set in the A record of the subdomain.

Closed ports and restricted protocols

Many providers, especially large ADSL providers, were opposed to users hosting any public services on their addresses, so they denied incoming connections to popular ports such as HTTP. There are cases when providers blocked the ports of game servers, such as Counter-Strike and Half-Life. This practice is still popular, and it sometimes causes problems. For example, almost all providers block the Windows RPC and NetBIOS ports (135-139 and 445) to prevent the spread of viruses, and often also the incoming ports for the e-mail protocols SMTP, POP3 and IMAP.

Providers that offer IP telephony in addition to Internet access like to block SIP ports, to force customers to use only their telephony services.

PTR and sending mail

Hosting your own mail server is a separate big topic. Keeping a personal mail server under your bed that is completely controlled by you is a very tempting idea. But implementing it in practice was not always possible. Most IP address ranges of home providers are permanently listed in spam block lists (Policy Block List), so mail servers simply refuse to accept incoming SMTP connections from the IP addresses of home providers. As a result, sending an email from such a server was almost impossible.

In addition, to send mail successfully it was necessary to set the correct PTR record for the IP address, that is, the reverse mapping of the IP address to a domain name. The vast majority of providers agreed to this only by special arrangement or under a separate contract.

We are looking for bedside server neighbors

Using PTR records, we can see which of our IP-address neighbors have arranged a special DNS record for their IP. To do this, we take our home IP address, run the whois command on it, and get the range of addresses that the provider issues to customers. There may be many such ranges, but for the experiment we’ll check one.

In our case, this is the provider Onlime (Rostelecom). We go to 2ip.ru and get our IP address:

By the way, Onlime is one of those providers that always gives clients a permanent IP, even without the dedicated IP address service connected. At least, the address may not change for months.

We resolve the entire range of addresses 95.84.192.0/18 (about 16 thousand addresses) using nmap. The -sL option does not actually perform active scanning of hosts; it only sends DNS queries, so in the results we will see only lines containing the domain associated with each IP address.

$ nmap -sL -vvv 95.84.192.0/18

......
Nmap scan report for broadband-95-84-195-131.ip.moscow.rt.ru (95.84.195.131)
Nmap scan report for broadband-95-84-195-132.ip.moscow.rt.ru (95.84.195.132)
Nmap scan report for broadband-95-84-195-133.ip.moscow.rt.ru (95.84.195.133)
Nmap scan report for broadband-95-84-195-134.ip.moscow.rt.ru (95.84.195.134)
Nmap scan report for broadband-95-84-195-135.ip.moscow.rt.ru (95.84.195.135)
Nmap scan report for mx2.merpassa.ru (95.84.195.136)
Nmap scan report for broadband-95-84-195-137.ip.moscow.rt.ru (95.84.195.137)
Nmap scan report for broadband-95-84-195-138.ip.moscow.rt.ru (95.84.195.138)
Nmap scan report for broadband-95-84-195-139.ip.moscow.rt.ru (95.84.195.139)
Nmap scan report for broadband-95-84-195-140.ip.moscow.rt.ru (95.84.195.140)
Nmap scan report for broadband-95-84-195-141.ip.moscow.rt.ru (95.84.195.141)
Nmap scan report for broadband-95-84-195-142.ip.moscow.rt.ru (95.84.195.142)
Nmap scan report for broadband-95-84-195-143.ip.moscow.rt.ru (95.84.195.143)
Nmap scan report for broadband-95-84-195-144.ip.moscow.rt.ru (95.84.195.144)
.....
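
Picking the non-default records out of a listing like the one above can be scripted. The following is an added example, not part of the original article: it parses `nmap -sL` output and separates provider-generated PTR names from custom ones. The embedded-octets heuristic and the sample text are assumptions made for this example.

```python
import re

# Constructed sample in `nmap -sL` output format; the first three lines repeat
# entries from the listing above, the last shows an address with no PTR record.
SAMPLE = """\
Nmap scan report for broadband-95-84-195-135.ip.moscow.rt.ru (95.84.195.135)
Nmap scan report for mx2.merpassa.ru (95.84.195.136)
Nmap scan report for broadband-95-84-195-137.ip.moscow.rt.ru (95.84.195.137)
Nmap scan report for 95.84.195.138
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
REPORT = re.compile(rf"^Nmap scan report for (?:(\S+) \(({IPV4})\)|({IPV4}))$")


def is_generic(name, ip):
    """True if the PTR name embeds the address's four octets, forward or
    reversed, separated by '-' or '.', as provider-generated names do.
    Heuristic (assumption): zero-padded or hex-encoded names are not detected."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        if re.search(r"(?<!\d)" + r"[-.]".join(order) + r"(?!\d)", name):
            return True
    return False


def classify(listing):
    """Split a list-scan report into no-PTR, generic-PTR and custom-PTR hosts."""
    result = {"no_ptr": 0, "generic": 0, "custom": []}
    for line in listing.splitlines():
        m = REPORT.match(line.strip())
        if not m:
            continue  # banner, summary or elision lines
        name, ip, bare_ip = m.groups()
        if bare_ip:
            result["no_ptr"] += 1
        elif is_generic(name, ip):
            result["generic"] += 1
        else:
            result["custom"].append((ip, name))
    return result


if __name__ == "__main__":
    for ip, name in classify(SAMPLE)["custom"]:
        print(ip, name)
```

Run against the listing for your own address, this shows at a glance whether your PTR record makes your server stand out from the provider's default names.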

Almost all addresses have a standard PTR record of the form broadband-<address>.ip.moscow.rt.ru, except for a few, among which is mx2.merpassa.ru. Judging by the mx subdomain, this is a mail server. Let’s try to check this address in the Spamhaus service.

It can be seen that the entire IP range is in a permanent block list, and letters sent from this server will rarely reach the addressee. Consider this when choosing a server for outgoing mail.

Keeping your mail server within the IP range of your home provider is always a bad idea. Such a server will have problems sending and receiving mail. Keep this in mind if your system administrator suggests deploying the mail server directly on the office IP address.
Use either real hosting or an email service. That way you will have to call less often to check whether your e-mails have arrived.
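
The block-list check above can also be done over DNS before a mail server is deployed on an address. This is an added example, not part of the original article: it builds the DNSBL query name for an IPv4 address and interprets the answer. The zone name zen.spamhaus.org and the return codes are taken from Spamhaus's public documentation, not from this page, and the function names are made up for the example.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"                 # Spamhaus combined DNSBL zone
PBL_CODES = {"127.0.0.10", "127.0.0.11"}  # Policy Block List entries
ERROR_PREFIX = "127.255.255."             # query refused, e.g. via a public resolver


def dnsbl_qname(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)      # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(qname):
    """Return the A records for qname, or [] when the lookup fails."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []  # NXDOMAIN means "not listed"; resolver failures look the same


def verdict(answers):
    """Map DNSBL answers to query-error, pbl, listed-other or not-listed."""
    if any(a.startswith(ERROR_PREFIX) for a in answers):
        return "query-error"   # the answer says nothing about the address
    if any(a in PBL_CODES for a in answers):
        return "pbl"           # address range not meant to send mail directly
    return "listed-other" if answers else "not-listed"


def check(ip, resolve=system_resolver):
    """Look up one address; resolve is injectable so the logic runs offline."""
    return verdict(resolve(dnsbl_qname(ip)))
```

A "query-error" result usually means the query went through a shared public resolver, so repeat the check from a resolver of your own before trusting a clean result.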

WiFi Router Hosting

With the advent of single-board computers like the Raspberry Pi, you won’t surprise anyone with a site running on a device the size of a pack of cigarettes, but even before the advent of the Raspberry Pi, enthusiasts started their home pages right on their WiFi router!

The legendary WRT54G router, which started the OpenWRT project in 2004

The Linksys WRT54G router, from which the OpenWRT project began, did not have USB ports, but craftsmen found soldered GPIO pins in it that could be used as SPI. This led to a mod that adds an SD card to the device, which opened up great freedom for creativity. You could even compile the whole of PHP! I personally remember how, almost unable to solder, I soldered an SD card to this router. Later, USB ports appeared in routers and you could simply plug in a USB flash drive.

Previously, there were several projects on the Internet that ran entirely on a home WiFi router; there will be a note about this below. Unfortunately, I could not find a single live site. Perhaps you know of some?

Server cabinets from IKEA tables

One day, someone discovered that a popular IKEA coffee table called Lack works well as a rack for standard 19-inch servers. At a price of $9, this table became very popular for building home data centers. This installation method was called the Lack rack.

The IKEA Lack table is an ideal substitute for a server cabinet

The tables could be stacked on top of one another to build real server cabinets. Unfortunately, the fragile chipboard made the tables fall apart under heavy servers. For reliability, they were reinforced with metal corner brackets.

How schoolchildren robbed me of the internet

I, as one should, also had my own bedside server, which ran a simple forum dedicated to a gaming-related topic. Once, an aggressive schoolboy unhappy with his ban talked his friends into it, and together they began to DDoS my forum from their home computers. Since the entire Internet channel was then about 20 megabits, they managed to completely paralyze my home Internet. No blocking on the firewall helped, because the channel was completely saturated.
From the outside it looked very funny:

– Hello, why don’t you answer me in ICQ?
– Sorry, there is no Internet, they give me a call.

Calls to the provider did not help: they answered that dealing with this was not their responsibility, and that they could only block all incoming traffic to me completely. So I sat without the Internet for two days, until the attackers got tired.

Conclusion

There should have been a selection of modern P2P services that can be deployed on a home server, such as ZeroNet, IPFS, Tahoe-LAFS, BitTorrent, I2P. But over the past couple of years, my opinion has changed a lot. I believe that placing any public services on your home IP address, and even more so those that involve downloading user-generated content, creates an unjustified risk for all residents living in the apartment. Now I advise you to ban incoming connections from the Internet as much as possible, abandon allocated IP addresses, and keep all your projects on remote servers on the Internet.

