New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@joelgm
This is the practical advice you're looking for.
Copyright in coutries like Ro, Ru, Ch etc. doesn't matter - unless it's local staff and even then, maybe. So, pick a hoster on such a place and you're done. Of course, you always keep backups.
@joelgm : @cociu is pretty cool with it.
If you want to give your provider some shielding, he's got KVM hosts(with vnc) for LUKS block storage.
His support staff is quite good. +Native quality english speakers.
Alright. Help me pick a russian registrar too..
Russian: https://panel.regway.com/user/neworder/order-domain-registration/
Half-Russian (run by russians): https://evonames.com/
And chinese...
http://www.eranet.com/
edit:
They wanted my passport number.
It's required for RU domains.
Anyway, you weren't going to give them true data, right?
I mean, for those purposes...
I was giving them partial data...I guess that was pretty stupid.
server.lu will kick you after a few DMCAs and they also tell you to take content down even when there is only 1 complaint.
Cloudflare resolvers are nothing new, and they only work if you leave DNS entries in your configuration that could reveal your real IP (eg.
direct,direct-connect,mail, etc.). Somebody on here did point out another potential issue, but if it is CNAME flattening at fault (like I suspect it is), it will be patched eventually.So no, you cannot necessarily get the real IP behind Cloudflare, unless there is indeed a bug in their CNAME flattening.
@hostnoob For example, yes. But even if everything's secure this far - if the site is a forum or something else where you can upload images (guess it works with most sites where you can upload pictures), there's iplogger.org
That reveals visitor IPs, not server IPs.
It is a common practice by most Russian domain registrar to request passport information. Unfortunately, when they ask for these details, you must provide or not be able to buy domain.
If you enter partial or invalid data, you may get away with it if the company does not check if the information is valid.
I suppose there are services you can use to send mails for the server. But then again, that could be another trail pointing back at you. Is there a method of sending mail without getting your server ip leaked?
Anyone have experience registering .ru domain? Are there registrars who don't verify passport data?
@joepie91 It reveals the true ip of visitors - yes. But also the one from the server. Take a look at the invisible ip logger. Everyone who "opens" the image will be logged - including the server you upload the image to.
@joelgm I don't think there are registrars which don't require it because it's a guideline by the RU-CENTER. But obviously the pp number doesn't has to be correct, take a look at this: http://lowendtalk.com/discussion/24891/register-ru-or-su-without-a-russian-passport
Mailing: Mandrill. Test it first, but I never had the server IP leaked.
.ru: evonames (never been asked anything)
evonames.com? It doesnt list .ru.
After you register, it does
Evonames asked for passport, but didnt give me a field to type it!
@joelgm https://ahnames.com/domains?language=en are the same people, more expensive, and have live help. Maybe you can ask them?
I'd opened a ticket at evonames. Their response was crazy
"Hello,
Evonames doesn't work with dot RU domains.
May be you saw this info on the site of our partner (AHnames.com)?"
Indeed. I guess you have to use AHNames or another registrar...
That is not technically possible, unless you can make the server explicitly retrieve the image (which most software doesn't do).
vstoike.ru (Nekki mentionned them already) work very well for me since several months. You should at least consider them if looking for a russian host for your files!
If the OP's software will allow remote downloading you can just get it download a file from your server and check the IP in the access log. that's how most IPs behind cloudflare are exploited, things like forums which allow you to set a remote image as an avatar.
And of course sending mail from the same server (even using Mandrill leaves the original IP added to the headers)
Yes, that's what I said...
I could easily fix that by adding a layer of perl script on the server to wget the remote files through a socks proxy through tor. The tor route would be flushed before each request.
Mail would be a problem. I'm not sure whether I can disable mail altogether, and rely on captchas and other stuff to weed away bots.
Hi.
Havnt read all the commenys in between, only few initials one.
Is it possible that you could make the website register and use only?
And provide those links to registered users only.
You may put the details to be read by anyone, just not the links to be downloaded.
Restrict search engines to crawl your website.
If you are not looking to earn anything, you may make it slightly easy for yourself.
Yes. But what if they're dissatisfied with my response and take it up with the upstream POC's abuse department?
I've registered a .ru for the service. I have to think of some mechanism of transferring/mounting files from my dedicated to the Ru/Ro VPS on demand. Thoughts?
If you only need the files when they will be accessed and not be stored, use a nginx proxy (with caching maybe).
If they will be stored, just replicate the file dir as new files are uploaded. Even rsync with cron can do this for you, or you can code something simple to manage files as they are uploaded to your dedicated. PHP cURL for example should work for the latter.