Do you have an old laptop without a screen and other missing parts? That’s more than enough for a decent home server. Some folks even use Legos to build theirs. A recent shoutout from PewDiePie sent thousands of beginners diving into self-hosting for the first time. But beware of potential security disasters waiting to happen: don’t expose yourself to bots constantly scanning your IP.
Self-hosting is gaining mainstream attention after PewDiePie released his “degoogling” journey to escape big tech's grasp.
“Twenty bucks for 100GB? I don’t think so. I’m not gonna pay you to hold my data hostage forever. Not happening,” the star mocked the yearly Google Drive subscription price.
Fed up with being tracked, monetized, and charged for subscriptions, PewDiePie built his own secure vault at home – all running on a Steam Deck.
In a video, he blends fun, paranoia, and pragmatism, swapping most Google services with locally run open-source alternatives, despite admitting that he didn’t know what he was doing.
“Maybe you have some device lying around at home that you can run Linux on, bring it back to life. Instead of throwing it away, and I hate to be that guy, but it's better for the environment. Yes, it's a lot of tinkering, but you learn a lot,” the YouTube star said, encouraging others to build their own servers.
Now, the “self-hosting” search term is at its highest level ever on Google Trends.
Reddit communities are buzzing with fun home server projects, and GitHub is busy fetching up all the repositories for hungry enthusiasts.
However, no word is said about the potential security implications. That’s where cyber pros step in. Beware of ever exposing your services online.
Disasters waiting to happen
What can go wrong if you decide to self-host? A lot, according to Savva Pistolas, Technical Director of ADAS Ltd, a cybersecurity company. But don’t let that discourage you – just make sure to consider the key security factors.
“I've got experience running cheap and low-cost self-hosted servers myself, and have been doing so since a young age. There are some real trip wires out there, and AI has accelerated the ability to do without knowing,” Pistolas said.
Everyone in the house might occasionally lose their internet connection, while you tinker or set up a “custom DNS server,” but that’s not the worst-case scenario.
The expert warns that poorly configured devices can be silently pulled into botnets, mine cryptocurrencies, or even serve as platforms for geographically distributed cyberattacks.
Even worse, family devices can potentially be infected with infostealers, bricked by automated ransomware, and you may even receive letters from your internet service provider warning about potentially malicious actions.
“On my first attempt at self-hosting – mainly for file storage and contacts – I unintentionally revealed my database admin panels to anyone who wanted to find them. And this isn't uncommon for beginners to do, since it happens after only a small misconfigured setting,” Joe Warnimont, Senior Analyst at HostingAdvice, said.
He compares this to putting a “come on in” sign on the front door, which enables bad actors to gain a foothold in the home network and then tap into other devices, such as laptops, smartphones, smart TVs, or even security cameras.
Both experts warn about malicious bots constantly probing your IP address for known vulnerabilities, thousands of times per day.
What are the most critical don’ts?
Just a single most dangerous mistake will cause you the most potential headaches: opening ports.
“Avoid exposing services to the internet unless you’re really confident in what you’re doing,” Pistolas said. “Avoid opening ports at all if you’re a beginner.”
Ports are like doorways that allow apps to communicate. Home routers keep all these doors locked for outsiders. However, a single open port means that outsiders can send data to your network and hijack the service behind it if it is not appropriately secured.
Beware that scanners like Shodan or Censys will find open ports within hours and catalog your IP address, telling the whole world exactly what you’re running. Open ports make your server visible to every hacker on the internet.
This means that a Minecraft or other game server that requires access from outside is not the best starting project.
“I can't stress enough that beginners should avoid email servers and local databases that offer external access. They're too complex for beginners and often expose sensitive data or pathways to your home network,” Warnimont confirms.
The better the security expert, the fewer open ports he will leave, if any at all. And you’re likely to make other mistakes while you learn.
“The biggest mistake I see from self-hosting beginners is what I call ‘the colander defense system.’ They go through all the work to build a self-hosted system with a firewall, but they end up punching holes in that security by using default credentials, skipping two-factor authentication, or opening random ports without knowing anything about them,” Warnimont explains.
Where do you start?
Your first home server can be almost any old computer, a Raspberry Pi, or another device. If you need inspiration, there’s plenty on Reddit.
Wallmounted Lego Mini NAS (Raspberry Pi 4b)
byu/koechzzzn inHomeServer
The first project should only be run locally. A safer approach is running the services as virtual machines or containers on Proxmox or another hypervisor, which can be easily installed on an old laptop. Proxmox allows quick deployment of various solutions and quick restores from backup images once they inevitably fail.
It’s not much, but its a start.
byu/_DevilishGod_ inHomeServer
“I usually recommend one big ‘do’ for all beginners in the self-hosting space. ‘Do’ start in a ‘simulation,’ Warnimont said.
“It's like learning how to fly an airplane. You wouldn't just hop in a plane by yourself and see how it goes. You need an isolated training space where no one can get hurt, including yourself.”
Security experts recommend segmenting the network and, in the beginning, separating the home lab into a separate VLAN (Virtual Local Area Network).
“The best value services for beginners include Plex and Bitwarden. Plex is great for media storage and streaming, while Bitwarden helps you keep your passwords secure – both excellent starting points that offer value at a reasonable learning curve,” Warnimont explains.
Pistolas recommends trying out Pi-hole to implement network-wide adblocking, learn about DNS, and what a hosts file is.
“It’s quite fun to get this running on a Raspberry Pi, and a good project that will take you under a day,” Pistolas said.
“A slightly less popular one is to host a book management system like Calibre. If you’re an avid reader, this might be fun. I share a self-hosted Calibre server with my girlfriend, and she’s found immense use in this for her ongoing PhD.”
Before opening any ports, you should focus on learning how a VPN works.
“WireGuard is the easiest to learn in my opinion, and I still use it to facilitate connections to hardware across untrusted networks on Penetration Tests. It’s a tool that will stay by your side for years to come,” Pistolas said.
If you really want that Minecraft server, it’s best to rent a virtual private server when you’re a beginner. Do not expose your home network until you know how to set up a VPN, configure a reverse proxy, and secure an encrypted connection on the 443 port (HTTPS) as the only point of entry to your home network.
“If you really do want to expose services to the internet, ensure you’ve got some logging set up and know how to detect a spike in traffic or ongoing attacks,” Pistolas added.
Helper scripts, GitHub, and AI chatbots at your disposal
Once you have Proxmox or another hypervisor set up and running, you’ll find that sometimes you can launch services on your home server with a single helper script. There are thousands available on GitHub and elsewhere. AI chatbots and video tutorials on YouTube are also at your service, making everything easier.
However, you also have to be mindful of the security when using all this help.
“GitHub is an absolutely phenomenal resource and has reached me like a lifeline from God on many occasions. It is fantastic to dial into humanity’s collective codebase and find interesting and useful software,” Pistolas explains.
“It’s vital to remember, though, that stuff from GitHub is realistically just stuff from strangers and so does require some scrutiny.”
Check if the code you found is actively supported and take advantage of GitHub’s reputation economy by checking the activity metrics, like stars, forks, etc. When in doubt, prompt the AI chatbot about your code of choice for a line-by-line explainer.
“AI-generated content does work most of the time, but can include poor security practices. AI is a good learning tool, but it’s one that (In my opinion) should be used dialogically – that is, in conversation. You chat with your AI buddy about what stuff means, but ultimately you should not use it as a ‘shortcut,’” Pistolas said.
“AI is there to help you think, not do the thinking for you!”
The expert recommends that complete beginners first find some good content creators and take some notes following their tutorials.
“Don’t follow tutorials one step at a time before you’ve gone through the whole thing and know you understand every step,” he added.
Remember that a home server, like any other app or device, requires maintenance – keep it updated.
“If you find yourself frustrated or stuck, remember that this is a vital part of the journey – it’s okay to take a break and come back later, and it doesn’t reflect negatively on you to struggle. What matters is enjoying yourself, a commitment to learning, and a respect for digital safety and cybersecurity,” Pistolas says encouragingly.
One of the best learning journeys
Since kids often march miles ahead of their parents with technology, the expert recommends that parents consistently review their experiments with home servers and learn alongside them. This is also an opportunity to collaborate on a project that brings value to the family routine. Learning takes time, but that is part of the fun.
“Self-hosting is simply one of the best learning journeys out there, especially for newcomers, including kids, looking to get into tech,” Pistolas concludes.
“There’s a lot of abstraction in technology these days, with design centering on ‘experience without explanation’, so any time a kid or a newcomer wants to delve into self-directed study and learning with some tinkering on an old laptop or something like that – it should be celebrated!”
Your email address will not be published. Required fields are markedmarked