TOR, a WAF and luck?

Hey guys, hope you are doing great :slightly_smiling_face:
I am about to set up a domain to use on the Onion network, I already have the domain name and the Apache and database set up.
However, because this is going to be on my own network I want to try to be as safe as possible.
Measures I’m taking are:

A Linux OS => behind a WAF => on it’s own VLAN => with VPN (Proton) => and then Tor.

That is basically how I picture the setup.
No dynamic content nor JavaScript will run on the site.
The intention is to avoid anyone from figuring out where I am, AND to keep the site safe from attacks to the best of my abilities.

What are your opinion on this?

Sorry for any spel errors, english is not my language, I checked but you never know.

Thanks for reading my first post. I appreciated.

3 Likes

Might be worth asking this in the discord server as you might get more replies :slight_smile:

1 Like

Hey Danus, thanks for the suggestion. I’m not on the discord server, I’m not a fan of discord, I don’t like it.
It’s ok if people don’t reply, just wanted some feedback that’s all.
I’ll be going with it regardless.

Hope you are well, thanks! :slightly_smiling_face:

1 Like

Great that y help to make the onion net saver

Awesome dude!! Best of luck.
It will be helpful if you do a writeup here or elsewhere how you set-up

2 Likes

You just need to check the access log time by time and if it not a PHP/Python WebApp
you don’t need to be scared at all ! and there is some bots that do random attacks don’t be scared of it (you’ll notice these attacks in the access log) most of it uses old bugs or whatever …

1 Like

Man, I would completely avoid running a hidden service on your own network…

4 Likes

Hey @fa_ka900b… That is a great idea! I will do some writing.
Thanks for suggestion!

1 Like

@yeezi, I understand why you say that. However, I need to right now, and I don’t trust a vps or anything I can’t get my hands on at any time. It was a possibility tho, to run it on some vps provider, but I prefer my data close by.

Good tip @DamaneDz, I’ll configure some alarms and specify to show scans and/or non http(s) trafic on a diferent monitor window. That’ll help to keep things clear.

Don’t forget to share us what you did :smiley:

1 Like

I don’t have any technical knowledge to share, but bumping :slight_smile: . Would be awesome if you share a quick writeup @New001 (when you do figure it out)

1 Like

Yes! you can count on that!
Then you can judge me with complete confidence :rofl:

1 Like

thanks, appreciate it!

1 Like