travis_farmer:
If I don't download it, are you saying I should write Linux code from scratch?
He's saying he recompiles the kernel with his own set of flags. 'Special Sauce' not 'Special Source'
Sometimes the recompile is worth the effort but a lot of times, it's just the same old, obfuscating, prima-donna, donkey crap. Security is one thing but inbuilt dependency on self-appointed 'gurus' who can't work effectively in a team can end up being a much greater financial risk.
I don't really have that much time on my hands. Besides, it is just a hobby server. I am still not entirely sure if I want to open it up fully to the public, or not. I may just let only a select few people access it.
You don't really have a choice. Once your server can be reached from the internet it will get probed and it will get attacked. Exploiting web applications is often the means by which a server gets pwned.
At the end of the day, there is only so much you can do. Google, Amazon, Microsoft, Apple, Sony have 1000s of the best engineers on the planet working for them, with near to an unlimited budget, and even they cannot keep the hackers out entirely.
It's not like I will be running a corporate hosting service. Just a personal website, with a hobby forum (if for no other reason than just because I can). Other features may arrive in the future, but network port 80 is likely to be the extent of it.
The most valuable commodity for a hacker is free bandwidth and they find lots of it lying unprotected on 'unlimited' residential broadband accounts. You need to take some care to reduce the attack surfaces, keep a regular check on the logs and set up some alerts for any unusual network activity. Best advice is to not put any data on the server that you are not prepared to share or lose.
And, don't let any prima-donna guru put you off trying.