On 10/01/2020 13:02, Huge wrote:
On Fri, 2020-01-10 at 09:45 +0000, Chris Green wrote:
I have been looking at making some web pages of mine *slightly* more private recently. There's nothing seriously important on them, just some addresses (that people could find elsewhere easily enough) and some other similar sorts of bits and pieces.
In which case I wouldn't worry.
Why do you want to do this? You don't care if the data is stolen. Do you care if it is lost or the site is unavailable?
Sounds to me like the only thing you have to worry about is someone using it to host dodgy material (kiddy porn, viruses, phishing targets). Most of the phishing emails I receive have links to small business sites that have been p0wned to store the payload viruses.
TBH, I wouldn't bother, but if you can implement TLS without huge effort & cost, why not go for it?
The above are valid points. My first thought is Do you need a public website, if it's just info for you? If so, VPN into it, or tunnel into it with SSH and then make it otherwise inaccessible to the outside world. Then you don't have to worry so much about making it secure, because no-one but you can get at it.
I had a look at http://isbd.net/ which I presume is yours. I don't know if that's the one that you are talking about, but if it is, none of the pages opened as https for me. Also, I don't know much about trying to hack a website, but displaying the PHP status & config info on a webpage just sort of highlights if there are any vulnerabilities that may be exploited.
Just my 2p
Steve