Using your NAS to develop websites

Most people think that network attached storage (NAS) is just a box with drives in it attached to your local network. In fact, NAS is a computer, minus the monitor and keyboard. As such, it can be incredibly powerful, containing its own CPU and memory.

I recently found another good use for my NAS in setting it up as a Web server to use when I develop websites. I added Apache, PHP, mySQL etc, and several virtual hosts for the various sites. (Yes, there are software solutions such as MAMP and XAMP, but these have conflicts with your mySQL database, if it is already in use.)

So, by having everything on the NAS, it is completely independent of my machine and serves as a more realistic test bed.

The most interesting thing, however, is that I set up my NAS as a DNS server too, allowing me to use my mac’s web browser and type in my development name for each site, such as site1.dev or worksite.dev, while still allowing me access to the internet as a whole. The Synology NAS will forward through to a web based DNS if it is unable to find the requested site locally.

Then, all I had to do was go to network settings on my Macintosh and change the DNS to point at my NAS instead.

I thought that was pretty slick. I can work on development sites as well as continue to surf the web without any changes to my workflow. Very convenient.

FWIW.

Do the bad guys have your password?

Here’s the bad news: YES, the badguys already have your email, and any number of your passwords. There’s a good chance they also have your Social Security number, your home address, your phone and other stuff.  

How you ask? Well, it’s very unlikely that YOU have been hacked, and extremely likely that they got all that info off some site you used it on (which they hacked.) Literally billions and billions of such tidbits can easily be purchased on the dark web for a few bucks.

What are the odds they have at least some of your info? Probably about 70%. Don’t think you’re magically immune – you are not.

If you got an email from yourself (!) to your email address, including your first name, and an old password – congratulations: your info is for sale.

Not sure how many of you folks know about this site, but it’s certainly worth visiting, and signing up for. It will tell you if your email address(es) have been made public, and what info was released in the hack.

https://haveibeenpwned.com

Somewhile back, I signed up for their email notifications (free) and and finally got one. This time the hack included passwords.

Fortunately, instead of using the site (above) one at a time, 1Password will go thru your entire collection of passwords for you, and tell you quickly which of them  have been compromised. (It’s in a section of 1Password called Watch Tower, which you must turn on in their prefs.)

Previously phishing attacks were full of misspellings and bad grammar, and simple obvious tricks (“Please click here and provide your name and password.”)

These days, some attacks are so sophisticated that you’ll swear that it’s legit. It’s a minefield out there.

So: get and use 1Password, or at least visit the HaveIBeenPwned website.

Next:  NEVER open an attachment without verifying it.

DO look at the sending and/or return address. If you get an email from Apple, but the return address is AppleStuff@rosyredcrooks.com, you know it’s fake.

These are only obvious, and not remotely a -complete- list of things to look for.

Never click on ANY link in -any- suspicious email. If you get a suspicious email from Bank of America, and you want to see if it’s legit, use your OWN bookmark in your brower, not the link in the email.

Finally, never click on a spam email’s “unsubscribe me” link! You’re merely confirming to them that your email address is good.

Be safe out there!

 

Tracy