Or use Qubes OS. With some knowledge about it, it can be made into a great OS for hosting (I didn't test that for web hosting, but it's theoretically possible). And it's more secure than Docker or plain Debian or BSD, etc.

Mirimir:
> On 11/15/2018 10:23 PM, Daniel Winzen wrote:
>> Hello,
>>
>> yes my server got hacked. How - I do not know yet and I will need to do
>> an extensive analysis. I did indeed not maintain backups, partly for the
>> reason that users should have the right to be forgotten immediately when
>> deleting their accounts. Around 1TB of data is gone.
>
> Hey, sorry about that :( And I do got your point about backups.
> Although, in retrospect, a backup setup with relatively fast rotation,
> and thorough deletion of old backups, would be prudent.
>
>> The scripts are open source and anyone who would like to build something
>> similar is welcome to do so. However you should note there might be a
>> risk of getting hacked too in case the vulnerability is hidden in those
>> scripts. I will re-instantiate my hosting only after the vulnerability
>> is found and fixed. https://github.com/DanWin/hosting/
>
> As I said, shared hosting is a security nightmare. As I understand it,
> you're depending on not much more than permissions to protect users from
> each other. And in that situation, it's not _that_ hard for a skilled
> hacker to get root, and do what they like.
>
> If I were going to attempt such an .onion hosting setup, I'd use a
> couple levels of isolation between users. But first, I'd use LUKS with
> dropbear for server FDE. It ain't perfect, but an attacker would need to
> take some care while impounding the server.
>
> Basically, I'd setup several KVM domains, to help limit damage from a
> compromise. Within each domain, I'd put each website in a Docker
> container. Given a custom Docker-optimized kernel for the host, and XFS
> storage, it's possible to set hard limits on CPU, RAM and storage for
> each Docker container.
>
> Docker containers rely on kernel namespaces and cgroups. That's not as
> secure as using full VMs, but _far_ lighter. And _far_ more secure than
> chroot, which many shared-hosting setups still rely on. Alternatively,
> one could use FreeBSD jails, and maybe that can also work with Docker.
>
> Anyway, if you're interested, I'd be happy to help. I'm just a hobbyist,
> and totally self-taught. I mostly just use shell scripts. And I lack the
> patience and organization to actually operate a shared-hosting site.
>
>> Any updates will be posted on my front page: https://danwin1210.me/
>>
>> Regards,
>> Daniel
>>
>> On 16/11/2018 06:13, Mirimir wrote:
>>> On 11/15/2018 09:52 PM, tor...@secmail.pro wrote:
>>>> DanWin1210.me hosting service was hacked.
>>>> https://danwin1210.me/
>>>>
>>>> All Tor Onions are dead.
>>>
>>> I guess that he didn't maintain backups :(
>>>
>>> Maybe some of those .onion owners did, though.
>>>
>>>> FH1: Unknown
>>>> FH2: Took down by FBI
>>>> FH3: Unknown
>>>> Danwin1210: Ripped by Anonymous
>>>>
>>>> Now where is "Freedom Hosting IV"?
>>>
>>> Shared hosting is a security nightmare. Just sayin'.
>>>
>>>> And why so hate on Tor Onion service?
>>>
>>> This was just for lulz, no?
>>>
>>

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
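
The per-container hard limits on CPU, RAM and storage mentioned in the quoted message, as an added example that is not part of the thread or of the DanWin hosting scripts. It assumes Docker's overlay2 driver, where the `--storage-opt size=` disk cap only applies when the backing XFS filesystem is mounted with project quotas; the site name, image name and limit values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: per-site hard limits for a Docker container on XFS storage.
# Site name, image name and limit values are hypothetical, not from the thread.

# Succeed only if a /proc/mounts-style line shows XFS mounted with project
# quotas (pquota/prjquota), which overlay2 needs to enforce a disk size cap.
xfs_quota_ready() {
    local line="$1" fstype opts
    fstype=$(printf '%s\n' "$line" | awk '{print $3}')
    opts=$(printf '%s\n' "$line" | awk '{print $4}')
    [ "$fstype" = "xfs" ] || return 1
    case ",$opts," in
        *,pquota,*|*,prjquota,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the docker run command for one site with CPU, RAM, PID and disk caps.
# --memory-swap equal to --memory means the container gets no extra swap.
# --cap-drop and no-new-privileges are added hardening, not from the thread.
site_run_cmd() {
    local site="$1" image="$2" cpus="$3" mem="$4" disk="$5"
    printf 'docker run -d --name %s' "site-$site"
    printf ' --cpus %s --memory %s --memory-swap %s' "$cpus" "$mem" "$mem"
    printf ' --pids-limit 256 --storage-opt size=%s' "$disk"
    printf ' --cap-drop ALL --security-opt no-new-privileges'
    printf ' %s\n' "$image"
}

# Constructed sample lines in /proc/mounts format (not from a real host).
GOOD='/dev/vdb1 /var/lib/docker xfs rw,relatime,attr2,inode64,prjquota 0 0'
BAD='/dev/vdb1 /var/lib/docker xfs rw,relatime,attr2,inode64,noquota 0 0'

for m in "$GOOD" "$BAD"; do
    if xfs_quota_ready "$m"; then
        # Only emit the command when the disk cap would really be enforced.
        site_run_cmd blog example/site-image:1 0.5 256m 2G
    else
        echo "refusing: disk cap would not be enforced on: $m" >&2
    fi
done
```

On a real host, pass the line for the filesystem holding Docker's data directory from `/proc/mounts` instead of the constructed samples.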