Ubuntu Linux HTTP/SSH Default Security

[SinbadEV]

So, I feel like opening up http and ssh through my router to my Ubuntu computer at home so I can mess around with it remotely... how secure is Ubuntu's/Apache2's default security... aka how likely am I to get hacked by opening/forwarding ports 80, 8080 and 22 to my local machine?

[AF]

Why would you want to use those ports if you want to remain secure? You could always tunnel http over ssh*

* I would advise against hosting a server on there at all if possible

[SinbadEV]

Why would you want to use those ports if you want to remain secure? You could always tunnel http over ssh*

* I would advise against hosting a server on there at all if possible

Well, now that you mention it... I guess I'll use non-standard ports... the reason for remote access is so that I can access the WebUI for my uTorrent and a a server so I can play around with CGI (aka use putty+vim to edit scripts and then test them in the browser)

[aegis]

open a machine you don't mind people compromising

[SinbadEV]

So the short answer is don't open any system to public access unless you are okay with it getting hacked?

[aegis]

you're probably not going to get hacked if you don't have much traffic, don't run public old versions of software (wordpress, drupal, joomla, shopping carts, etc), and don't have short passwords (you should just use key auth for ssh anyway)

from large-scale experience (work), accounts on public servers are hacked through stolen passwords (phishing, virus, open wifi...) or old versions of common software

just keep your box up to date and don't run wordpress 1.0 and you'll be fine