HFS: Secure your server
This article is about security for HFS users.
Many people ask: am I safe running this server software?
100% safety on the net is utopia, but we want to be reasonably safe.
HFS is considered quite safe software, no security bug is known at the moment, just ensure you are using the last version available. Moreover, HFS is open source, thus anyone is able to check for security flaws in it.
Even though it was not designed to be extremely robust, it is quite stable and has been used for months without a restart ([see forum topic]).
Secure your Windows
Before HFS, you should worry about your Windows system. To secure your computer follow these advices:
- keep Windows updated with Windows Update
- use a good and updated firewall
- use a good and updated antivirus
If you comply with these rules, the risk may be considered very low.
What about strange logs?
If you see scary requests in the log, don't worry. They are just requests. By default HFS logs fulfilled requests, so, if no reply has been logged, the request has not been fulfilled.
HTTPS and SSL
HFS currelty supports only HTTP. Hard to say when in the future HTTPS will be supported natively. In the while you can try adding HTTPS support by using STunnel. Read the article.