From Newsgroup: rocksolid.nodes.help
On Wed, 25 Dec 2024 20:00:26 -0600, No One wrote:
I am trying to set up a hidden forum with NNTP access.
How would I secure Rocksolid behind a Tor Hidden Service address?
A few concerns need to be addressed.
- prohibiting leakage of server IP or hostname
Disable all email features.
- sandboxing to prevent exploit traversal
That's for the admin to handle.
- disabling email confirmation and all email functions in rslight
All leakage of any kind of server data must be rendered impossible.
Yes, disabling email features is the first thing I would do. Have a look at
the config files 'rslight.inc.php' and 'overrides.inc.php' to see what can
be disabled. Get rid of 'phpmailer.inc.php' just to be safe.
Try using one of my sites via tor (news.novabbs.org is here:
http://fev4bgoasgxttqb3x3tukxxia6lwryteq6a2ramqb2gjiol3zbu6xaid.onion/common/register.php
and see what info you can determine at the user's end. Post, try email (to
make sure it's really disabled), etc. and see what you find.
RSLight isn't meant as a stealth application, so it's not meant to be
hidden, but that doesn't mean that it can't be.
Please let me know if you find something that should be obvious for me to
fix.
--- Synchronet 3.21a-Linux NewsLink 1.2