Moving my external e-mail server to my own computer.

[ytho]

Company that i was paying for hosting - got hacked multiple times. Passwords, data about my contractors etc.

I need to move my site entirely from external hosting to my own pc, i've been told that it's a lot safer. 
Got public static IP and good pc ready to be a server. 

Is anyone here kind enough to explain to me how to do that step by step? 
Is it really safer than external hosting? 
*Yes i have a backup battery (cyberpower)
*Yes i have a good connection (optical fiber)
*Got premium malwarebytes and avast if that makes it any safer..

EDIT: After some research, the best solution is to move just the e-mail server (because it's the e-mail that has the important data, we don't store anything important elsewhere). I've been told that it's a lot easier to do. Any help with that?

[Guest]

7 minutes ago, ytho said:

Is it really safer than external hosting? 

If you don't know what you are doing, it could be very much more susceptible to hacking.

I would go for a better host vs. self hosting if you have 0 experience.

That said, what kind of site is it? As in what platform was it built on?

[WereCatf]

6 minutes ago, ytho said:

Is it really safer than external hosting?

No. Not all hosting-services are of the same quality; there are both good ones and bad ones. Also, are you actually capable of setting up securely and keeping your services secure? You hosting your own site but doing a poor job from a security-perspective ain't going to be an improvement.

[Master Disaster]

Yeah, as an example. I do host my own website on my own box, as well as protecting non public folders with .htaccess I also have an SSL cert for my domain and my router only forwards request made over SSL, it ignores HTTP requests entirely. My webserver folders that host all my files have their own dedicated user which is the only account that can access the files in /var/www/ and the web account cannot access ANYTHING else except for the /var/www/ folder. All files in the www folder are set to read only unless they will not function without write permissions (mostly scripts or folders where data is stored). My Apache & PHP installs only have modules enabled that I absolutely need, my PhpMyAdmin root account is set to only work over a socket through terminal or SSH and no other accounts can access PhpMyAdmin through terminal or SSH. Finally my entire webserver is running inside a VM that only hosts the www files so if someone does break out of the webserver into my root FS they only have access to a snapshotted VM.

 

Despite all that, I'd wager that someone like Colonel Mortis would take no more than 5 minutes to find something I missed and exploit it.

[ytho]

On 1/27/2021 at 4:46 PM, Den-Fi said:

If you don't know what you are doing, it could be very much more susceptible to hacking.

I would go for a better host vs. self hosting if you have 0 experience.

That said, what kind of site is it? As in what platform was it built on?

No idea, i paid a guy to set it up. 

Host is on linux, site is on php i guess.

[ytho]

29 minutes ago, WereCatf said:

No. Not all hosting-services are of the same quality; there are both good ones and bad ones. Also, are you actually capable of setting up securely and keeping your services secure? You hosting your own site but doing a poor job from a security-perspective ain't going to be an improvement.

Im a computer guy from physical side. Meaning that i can fix a broken motherboard with soldering involved, but i was never into setting up my own sites and stuff. How i see it:
There are three 3 layers to IT overall. Layer of electronics>layer of systems/apps>layer of network. I know loads about first two, but not that much about networking. I understand how DDNS/windows servers works, but nothing more. 

[ytho]

11 minutes ago, Master Disaster said:

Yeah, as an example. I do host my own website on my own box, as well as protecting non public folders with .htaccess I also have an SSL cert for my domain and my router only forwards request made over SSL, it ignores HTTP requests entirely. My webserver folders that host all my files have their own dedicated user which is the only account that can access the files in /var/www/ and the web account cannot access ANYTHING else except for the /var/www/ folder. All files in the www folder are set to read only unless they will not function without write permissions (mostly scripts or folders where data is stored). My Apache & PHP installs only have modules enabled that I absolutely need, my PhpMyAdmin root account is set to only work over a socket through terminal or SSH and no other accounts can access PhpMyAdmin through terminal or SSH. Finally my entire webserver is running inside a VM that only hosts the www files so if someone does break out of the webserver into my root FS they only have access to a snapshotted VM.

 

Despite all that, I'd wager that someone like Colonel Mortis would take no more than 5 minutes to find something I missed and exploit it.

I don't need for this site to be perfect. I'm just tired of external hosts being bad at their job and getting hacked every 3 months. I lost some real money because of this. I'm not being targeted specifically by someone. Host is getting hacked, someone is selling packs of passwords and data on darkweb, and im getting fake scammy e-mails and logged into my accounts. 

[Master Disaster]

23 minutes ago, ytho said:

I don't need for this site to be perfect. I'm just tired of external hosts being bad at their job and getting hacked every 3 months. I lost some real money because of this. I'm not being targeted specifically by someone. Host is getting hacked, someone is selling packs of passwords and data on darkweb, and im getting fake scammy e-mails and logged into my accounts. 

That the thing, if that's happening to the people who are selling the service professionally imagine what is happening to the people who throw Apache on to a rig and run with it OOTB.

 

Having anything public facing on the internet is like putting up a "my door might not be locked properly, see if you can burgle me" sign on the front of your house.

 

Change to a better provider.

[ytho]

1 hour ago, Master Disaster said:

That the thing, if that's happening to the people who are selling the service professionally imagine what is happening to the people who throw Apache on to a rig and run with it OOTB.

 

Having anything public facing on the internet is like putting up a "my door might not be locked properly, see if you can burgle me" sign on the front of your house.

 

Change to a better provider.

Literally every company around me have the same problem and is thinking about setting up their own servers because every host provider keeps getting hacked.
Even if my security is worse, someone would have to target me specifically. Which provider is "better"? Because literally everyone around me are getting hacked, even facebook. 

Everyone in my company are using thunderbird. We are logging into a mail server provided by external hosting service. Our site is on the same server i presume. What can i do other than switching to another provider just to see fake e-mails again tomorrow? 
And im 100% sure that scammers have my info because of providers getting hacked, because:
-I'm changing every password after every time i see something suspicious.
-I paid close to 2k to some IT company just to tell me that there's nothing more they can do to make my computers safer.
-I keep seeing posts on facebook from my provider that there was a data breach every couple of months

EDIT : I've been on the phone with that IT company and they told me that the best solution is to move just my e-mail to another server as that's the only place with important data (and stick with the same provider for the site and stuff) Do you personally think that it's a good idea?