7 Lessons I Learned from Having My Own Server

For several years I leased an unmanaged dedicated server from a company that will remain nameless. I loved the experience, but there were plenty of times when I made horrible mistakes. The following are seven lessons I learned from having my own server.

1. Whatever I thought I knew was far less than what I needed to know.

Like you and many others, I did not wake up one day and start running my own server. I had several websites and eventually decided I needed more control, more space, and more bandwidth. My first step was to get a VPS, which I used to resell some hosting accounts and help pay for the cost. But even with all of that, I was still not prepared to take on my own server. There was so much I did not know and had to learn on the fly with my few clients expecting me to maintain the same level of service after the migration.

2. There is no security through obscurity

Your server can be the most unnoticeable hole in the giant wall that is the Internet, but that does not mean you are safe. This is not just a conspiracy theory. I can tell you from experience that if your server is in any way connected to the Internet (HTTP, FTP, etc.), hackers can find it. It does not matter how unimportant your data is. They may only use your server to attack others, but it will be random and damaging to your websites and your reputation.

3. The weakest points in a server are often its users

Even if you have your server locked down and fortified with titanium alloy, it may still be vulnerable from within. All it takes is one careless user with a weak password or bad script to send your server spiraling into a pit of spam and botnets. Because of this, you must stay on your users. Force them to have strong passwords. Restrict their access to the absolute minimum they can have while still functioning.

4. Loads of space and bandwidth mean nothing with limited hardware

Many web hosts offer what they call “unlimited” service. They promote unlimited bandwidth or unlimited disk space, but if you try hard enough, you will find out that there actually are limits. Even still, that is not the issue here. Even if a server hosts offers you a fix amount of bandwidth, limited hardware can prevent you from taking advantage of it. A weak desktop CPU (like a Celeron processor) or a small amount of RAM are much more damaging to your website’s performance than other factors. When the traffic starts rolling into your site, unlimited bandwidth will do you no good if the server hangs because it runs out of memory.

5. “Unmanaged server” does not mean you can do whatever you want with it.

An unmanaged server means that the web host does not handle the day-to-day maintenance, secondary software installation, or website management. For example, UK web server hosting company 34SP.com offers entry level and high end unmanaged servers, but that does not mean you can send spam from them or use them to cause harm to other computers or servers. Of course, you may have no ill intentions, but the point is that you have to make sure any users on your server know the hosting company’s terms of service and that your security prevents outsiders from using your server for nefarious purposes.

6. Security is not a problem to be fixed but an ongoing struggle

Yes, there is an app for that, but it will not solve everything in one click. No matter how many firewalls and security measures you have in place, you still need to actively monitor your server and scan it for vulnerabilities. No security tool is fool proof, so it is still possible that your server could be attacked. If it does happen, however, you can be prepared with a mitigation plan in place. Prepare for the worse and actively monitor logs, websites, ports, and users.

7. Make backups and backups of your backups

Forget everything else I just said if that is the only way you will pay attention to this paragraph. None of the above means anything if you do not backup your server. I have learned this from both my desktop computers and servers. Even if your server is secure and stable, all it takes is one user mistake to erase an entire directory of information, an entire database, or even an important system file. Backups will save you, so backup everything you can, and backup often.

There are many other lessons I learned and probably forgot right after I learned them. The best advice I can give to you is to document everything you do, especially if you start tweaking your OS or applications. In the end, you and your customers will be happier.