On Fri, Jan 10, 2020 at 05:35:28PM +0000, steve-ALUG@hst.me.uk wrote:
On 10/01/2020 13:02, Huge wrote:
On Fri, 2020-01-10 at 09:45 +0000, Chris Green wrote:
I have been looking at making some web pages of mine *slightly* more private recently. There's nothing seriously important on them, just some addresses (that people could find elsewhere easily enough) and some other similar sorts of bits and pieces.
In which case I wouldn't worry.
Why do you want to do this? You don't care if the data is stolen. Do you care if it is lost or the site is unavailable?
Sounds to me like the only thing you have to worry about is someone using it to host dodgy material (kiddy porn, viruses, phishing targets). Most of the phishing emails I receive have links to small business sites that have been p0wned to store the payload viruses.
TBH, I wouldn't bother, but if you can implement TLS without huge effort & cost, why not go for it?
The above are valid points. My first thought is: do you need a public website, if it's just info for you?
Yes, mostly, for me and family and, occasionally maybe, friends. Thus it's handy for it to be out on the 'public' internet. I do such things as post pictures of things I'm selling or which I want family to look at and see if they want.
If so, VPN into it, or tunnel into it with SSH and then make it otherwise inaccessible to the outside world.
Relatively messy though. I do use ssh tunnels for some things but they're not really 'family friendly'.
Then you don't have to worry so much about making it secure, because no-one but you can get at it.
I had a look at http://isbd.net/ which I presume is yours. I don't know if that's the one that you are talking about, but if it is, none of the pages opened as https for me.
They should now, if not then I'd be interested to know. I did the changes today (10th January) around 2pm.
Also, I don't know much about trying to hack a website, but displaying the PHP status & config info on a webpage just sort of highlights if there are any vulnerabilities that may be exploited.
Yes, true enough, but hiding them is only 'security by obscurity' isn't it!