TOR, a WAF and luck?

Hey guys, hope you are doing great :slightly_smiling_face:
I am about to set up a domain to use on the Onion network, I already have the domain name and the Apache and database set up.
However, because this is going to be on my own network I want to try to be as safe as possible.
Measures I’m taking are:

A Linux OS => behind a WAF => on it’s own VLAN => with VPN (Proton) => and then Tor.

That is basically how I picture the setup.
No dynamic content nor JavaScript will run on the site.
The intention is to avoid anyone from figuring out where I am, AND to keep the site safe from attacks to the best of my abilities.

What are your opinion on this?

Sorry for any spel errors, english is not my language, I checked but you never know.

Thanks for reading my first post. I appreciated.

3 Likes

Might be worth asking this in the discord server as you might get more replies :slight_smile:

1 Like

Hey Danus, thanks for the suggestion. I’m not on the discord server, I’m not a fan of discord, I don’t like it.
It’s ok if people don’t reply, just wanted some feedback that’s all.
I’ll be going with it regardless.

Hope you are well, thanks! :slightly_smiling_face:

1 Like

Great that y help to make the onion net saver

Awesome dude!! Best of luck.
It will be helpful if you do a writeup here or elsewhere how you set-up

2 Likes

You just need to check the access log time by time and if it not a PHP/Python WebApp
you don’t need to be scared at all ! and there is some bots that do random attacks don’t be scared of it (you’ll notice these attacks in the access log) most of it uses old bugs or whatever …

1 Like

Man, I would completely avoid running a hidden service on your own network…

4 Likes

Hey @fa_ka900b… That is a great idea! I will do some writing.
Thanks for suggestion!

1 Like

@yeezi, I understand why you say that. However, I need to right now, and I don’t trust a vps or anything I can’t get my hands on at any time. It was a possibility tho, to run it on some vps provider, but I prefer my data close by.

Good tip @DamaneDz, I’ll configure some alarms and specify to show scans and/or non http(s) trafic on a diferent monitor window. That’ll help to keep things clear.

Don’t forget to share us what you did :smiley:

1 Like

I don’t have any technical knowledge to share, but bumping :slight_smile: . Would be awesome if you share a quick writeup @New001 (when you do figure it out)

1 Like

Yes! you can count on that!
Then you can judge me with complete confidence :rofl:

1 Like

thanks, appreciate it!

1 Like

Beter dont use proton vpn cause the firm is doing with CIA and NSA. You woudl know that if you really sometimes look up in tornet.

Now hold on. Why do you think that? Have something I can read?
It would be a major blow to my expectations of the Proton team.

Thanks dude.

1 Like