1
0
mirror of https://github.com/CHEF-KOCH/Warez synced 2024-12-26 00:33:00 +00:00
Warez/Bulletproof Hosting.md
2019-12-09 10:44:47 +01:00

11 KiB

Domain Name Registrars

Warning: Avoid UK, USA, Australia, European Union and every countries with strong copyright laws.

Hong King

Russia

Sweden

Iceland & Seychelles

Dominica Republic

USA

Reverse Proxy

Fastflux

DNS

Tor based HOSTS

VPS

Hosting Providers

Warning: Some countries like Kazakhstan, Korea and Ukraine forcing Hosts to use government SSL Certificates, this means they can MITM the connection!

Bahrain

Belarus

Costa Rica

Estonia

Hong Kong

Hungary

Iceland

Kazakhstan

Latvia

Lithuania

Moldova

Netherlands

Romania

Russia

Serbia

Sweden

Taiwan

Switzerland

Ukraine

Vietnam

USA

Other Hoster with many locations

Common Sense

  • Fastflux hosting does not need a reverse proxy. This services are explicitly made by Russian or eastern European cyber criminals.
  • Check your server, and how reliable it is in terms of security and privacy, online services like https://centminmod.com can test your server and it's configuration to ensure nothing is "leaking".
  • Use Cryptocurrency whenever possible. Monero is a good start and you can use services like https://XMR.to while behind VPN/Tor to convert & Pay with Bitcoin on the fly.
  • You could register an anonymous corporation on Seychelles or Belize, and then register all domains, server and proxies under the newly created corporation's flag.
  • Use unique usernames for eMails, services, and hosting. Do not reuse any previous usernames or eMails for new websites you visit.
  • eMails could expose you, because they might include private information in headers, that been said if you need to work with eMails, ensure that you use different SMTP servers. https://COCK.LI and https://mailcheap.co as well as https://amazon.ses are good services (free/paid). Creating anonymous Yandex accounts is also possible to rotate servers: https://anon.to/JBSHFT.
  • Think about self-hosting! It's cheap and does not require a lot effort, however keep in mind that your setup should be "bulletproof".
  • GeoIP block critical countries, this could help to get less attention and gives local government little reasons to inspect your website/hoster.
  • Avoid any host which ask you for ID verification.
  • Use Tor/I2P/Freenet whenever you register to a new service, some services block or trigger a alarm on their end, which makes your order fraudulent, consider (in this case) to use a free open wifi in order to bypass this.
  • Check if someone can see your hidden backend server IP via https://dnsdumpster.com. In general you should block every IP connection to your backend server, only allow your own connection, VPN's or reverse proxies. You quickly can check if someone has an "open" backend IP service via services like https://censys.io.
  • It's a myth that Cloudflare does not forward DMCA complaints, they forward everything. However, Cloudflare does not store any "sensitive data", which means forwarding "useless" information is similar like ignoring the DMCA request. A general advice is that whenever you use Cloudflare you should use a bulletproof backend server as well to avoid DMCA takedown request in the first place, so less or nothing gets forwarded (less "leakage risk").
  • Don't be naïve or stupid! Bulletproof hosters as well as politics and government's can change over time.