[HacktionLab] Fwd: [Newmedia] Fwd: Web server/host advice - as discussed
Garcon du Monde
gdm at fifthhorseman.net
Mon Jul 4 15:33:08 UTC 2011
hi,
On Mon, Jul 04, 2011 at 02:58:34PM +0100, mick fuzz wrote:
> as discussed
>
> > same goes for nologic - i have never seen anything that indicates a
> > level of security-awareness. however, i have heard they host some
> > relatively big sites.
> >
> I know these guys. I believe they don't log ip-addresses.
> What other concerns would there be for this kind of activist hosting. I'm
> sure that they would want to implement them if they don't already.
they don't provide secure webmail, for instance:
* http://mail.nologic.org/src/login.php works.
* https://mail.nologic.org/src/login.php does not work: it has a certificate that
a) belongs to the wrong site
b) is out of date
c) is untrusted (but because it is self-signed)
and then there is nothing at that page anyway.
> Is there some kind of guide we could point people towards?
>
> * install apache mod remove_ip
> * turn off ftp logs
> * take down policy?
there is a 'policy' that was drawn up by people from a number of
different activist groups, although i don't know if it was ever made
public. i can chase that one up.
i'm also very happy to talk with them and provide advice if you'd like
to give them my email. iirc, i think i tried to communicate with them
once previously to offer them help, but nothing ever came of it. which
added to my impression of them not being that secure (but that might
just be my memory playing tricks on me).
solidarity,
--gdm
--
GPG: 5607 E4BC C6B6 90F4 5EBC B348 D01B 9D77 912F 963C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.aktivix.org/mailman/private/hacktionlab/attachments/20110704/6a0a1007/attachment.pgp>
More information about the HacktionLab
mailing list