Jump to content

Recommended Posts

Posted

I have an extra desktop computer with no OS installed, that I use for playing with live boot linux disks.

I would like to host my own server/website, with the maximum possible security and anonymity then offer it up as a hacking target like www.hackthissite.org so that I can learn by trial and error how to secure/run a server, and maybe make a few friends in the process (visitors).

What choices would you make to get started?

Do you think that the choice of server matters, or are they all basically equal except for whichever one is easiest to configure properly? Should I just go with Apache despite all the vulnerabilities?

What would be the role of a service like www.noip.com or dyn.com? Would those DNS services actually keep website visitors from seeing my home internet connection IP? If I register a domain, sign up an account at www.noip.com, is that no IP host my nameserver for the DNS name?

If I have the website/webapp running on the old desktop I'm making my server, then can I still use VPNs on my other home computers/laptops/devices without knocking my website offline?

Does it matter which distro/OS I pick, and what do you recommend if so? Most of the sec distros at www.distrowatch.com are blackhat focused, so I don't know if it would really help me as the webmaster / sys admin?

Should I use something like NetSecL or LPS that is configured to be isolated and more locked down?

Thanks in advance

Posted

Ok, if you want to host the site anonymously so that people can connect to the site without knowing your IP then you are going to want to be looking at setting up a hidden service in something like I2P or tor. Getting a hidden service, really hidden is actually very difficult so you will want to read up on the documentation and tutorials. (Irongeek has quite a bit on i2p) and could be a good place to start to get a grounding on the subject.

Posted

Thanks, you're right. That's a good answer, but I should have mentioned that I'm scared of the darknet and don't want to mess around with it, because I think it would put me in a small group filled with a lot of really really bad people, blah, blah, blah

Posted

But I mean I was going to host the webpage on my computer anyway, which is what a darkweb host would do for you, right? I just wanna know like what's the best server (Apache, etc), what Operating System (NetSecL), etc

Posted

You could probably take some of the advice for running a hidden service in tor securely and apply it to just running on a machine on your local network. Things like running your webserver as a virutal machine where the host machine blocks almost all access from the virtual machine to the rest of your network would help prevent them attacking any of your local machines if they did manage to control the web server.

From an operating system for security point of view I would suggest that you check out OpenBSD, which has a very strong emphasis on security.

Really Apache would be a good webserver to use as it is regularly being patched and there is a lot of documentation for it and how to configure it.

Posted (edited)

Thanks, you're right. That's a good answer, but I should have mentioned that I'm scared of the darknet and don't want to mess around with it, because I think it would put me in a small group filled with a lot of really really bad people, blah, blah, blah

You could look into buying a private VPS (virtual private server)! And then use a VPN service to connect to it from home, so that you don't expose your real IP address.

Edited by Infiltrator

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...