hosting website, not allowed

[OP mimeryme 0]

i believe hosting websites are a no-no in the tos agreement with my isp provider, but can they tell if i do so? i have a small website i want to host on an old pc using apache. i've got it hosted for free on brinkster, but no ftp sucks and the space is too limiting (30MB). uhm, i said small, cuz it's mainly a personal site to host albums of pictures and such.

also, when considering a host you've got to know what's how much bandwidth you'll get. if i get this started, what is the limit on my bandwidth then? i mean, how much data can be served per month? is there a way to figure this out?

thanks for any help.

[Awesys 0]

Usually, I believe they only scan port 21 or 80 (whatever the port websites are hosted on).. But I'm not entirely sure. I've run a FTP on my connection, even though I wasn't supposed to.. :s I used port 8521, and they didn't seem to notice anything..

[OP mimeryme 0]

ah, thanks Awesys, now just got to figure out what to change in my apache settings to let me do that.

[Scrown Owl 0]

Don't regularly run intrusive portscans on people to see what services are running, as that is both unethical and illegal to some degree.

However, what they do more often than not is 'sniff' traffic running to their customers to look for any traffic directed at port 80, or 21 (if running web servers and FTP services are not allowed on said ISP), then crusually wait for a responce from said port. If both of these carry, using a tool such as capturenet, they automatically log the transaction and alerts are normally feried by e-mail to the system administrator. Most routers employed by ISPs can carry out this as a matter of configuration, and as a result traffic to such ports never makes it through the router in the first place. (AOL for instance blocks any traffic to the 139 port of their customers to prevent people taking advantage of any possible IPC$ vulnerabilities). ISP's such as this normally don't care if people run webservers or FTP's based on the fact that no packets will ever reach those services to even make use of them.

The way round it for FTP is indeed through the use of differant port number, meaning that the packets will be neither flagged nor tagged. Especially if the person has their client set up to recieve packets from the FTP service on port 25. That way, it appears to the ISP and their sniffers as if the person running the FTP site on a high port and sending information to the client, is in fact legitimately connecting to an FTP service on an external source.

With http connections the problem is of course created by the fact that browsers by default will always attempt to connect to port 80, meaning that if you changed the port, you would have to tell people about that change, before they could look at your site so they could reconfigure their browsers.

I'd personally just stick the site up and see what happens, and how many hits it gets, and see if the ISP admin e-mailed me and told me to shut it down, which is the normal course of action for them to take. They rarely sever connections for such ridiculously unimportant offenses.

The other way of doing it, is pay a pitifully small amount a month to have your site hosted by a company, with 100 MB of web-space.

Scrown Owl

[Tim Dorr 0]

Originally posted by mimeryme

ah, thanks Awesys, now just got to figure out what to change in my apache settings to let me do that.

Lookup the "Listen" Directive. You can add the a Listen 88 or Listen 8080 line if you like.

As for possible bandwidth, do the math. Just muliply what you can get per second times 60*60*24*30 and that's how much you can do per month.