Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : A private website

[auen1]

I recently started my own website which has a discussion forum. (MyBB.)
This forum is designed to be as another way for my family and friends to communicate and share ideas.
My intent is to keep it low profile as possible,(ie. from sight of crawlers, hackers and Google Search, etc.)
After a little research on the internet, it seems to suggests that the best place to try and keep my website is on the Deep-net or Dark-net.
I always thought that the Deep-net was a secret internet, separate from the surface internet and a place where things "behind closed doors" were conducted.
I might have been a bit right, but it really sounds like a section of the internet that the crawlers have not found yet, for one reason or another.

So I am in search for suggestions and ideas to hide my website from public view as much as possible. And protect the information on the site.
Also, I don't want to hinder registered members entry to much, discouraging them from visiting.

This is what I have so far:
Domain behind a proxy.
Linux based web host w/ developers plan,(w/cPanel)
SSL certificate, not applied yet.
Dedicated IP, not applied yet.
MyBB forum installed.
Searching for 3rd party sw/script for site password entry.
Researching the possibility for encryption of the site.
Code and website knowledge=MED-LOW.

Thank you for any help. I am kind of stumbling my way through the process, so please don't assume I know what you are talking about, lol.
Any links to articles or related threads are also welcome.

Thanks!

[richardhay]

Good morning.

Honestly, I think that you're going a bit too far. Personally, I would:

1. Add a robots.txt file to prevent most crawlers from indexing the site. (Just search for robots.txt for more information.)

2. Set up the username and password schema on MyBB and hide every forum to users who are not logged in.

If you wanted to take it a step further, you could put the forums in a subdirectory and then password protect that directory--so that users had to log in to the directory and then into the forums. That way, a non-logged-in user wouldn't even know that you had forums installed. You could then also redirect the main directory somewhere else--such as to google.com--so that if someone typed in your domain without the subdirectory, they would be taken elsewhere.

Hope this helps.

Richard

[m8internet]

No matter what you do, once a website is on the internet it can be found

As above, you can take some basic measures to reduce the chance of it being found

1
I would start with an obscure folder name for the forum installation
Example :
/the_private_folder/

2
Once you have installed your forum into this folder
Delete the register.php file (only upload it when required, then delete it again)

3
Set the forum to private

4
Password protect the main folder (which should then apply the folder as well)

5
Upload the robots.txt file (Deny all)

6
Create a google webmasters account, add the website
Go to Crawler Access, Remove URLs and remove any that appear in site:domain name (when searched from google)

[auen1]

Thanks, This is the information I was looking for.
I have taken a few of the steps mentioned, such as putting the forum in a sub-directory. I think I can rename the containing folder easily enough.
And I deleted the register.php file.
I will follow through with the robot.txt upload. I didn't know anything about this, thanks for the heads up.

A couple of questions for my clarification.

Quote:

hide every forum to users who are not logged in.

Quote:

Set the forum to private

Are you referring to user permissions? I have blocked guests from everything I could find, but they still see the forum name, board statistics, and the shout box plugin.
Is this just the way it is or have I missed a step in the configuration?
Or should there be a master switch that turns the forum to "private"?

Quote:

Password protect the main folder (which should then apply the folder as well)

Right now my main folder is empty and is structured like this: website.com/forum/
I have asked the web host(Surpass) and cPanel about a password for users entry.
I was told that is handled by third party software. She also suggested I check out WHT for advice.
Would something like WordPress (installed in the main folder), have the tools I need for password entry? Or do I look in a different direction for the solution?

Quote:

Create a google webmasters account,

I will follow this lead too. But I was wondering if I need to set up one with all the major search engines, or will the google one take care of everything?

I really appreciate all the advice,

Thanks!

[m8internet]

Quote:

Originally Posted by auen1

Are you referring to user permissions?

No
Go to the admin area and create the forum categories
You will then see permissions for this
Select the highest available (usually members only)

As visitors cannot register (as you have deleted the register.php file from the server) they cannot view these categories, but the members can

[Steven]

Well first off if you want this to be secret, you don't want to use a shared hosting provider.

[lynxus]

Wow..

Just put your site in a folder /mysite/

And add a .htaccess

Now either lock people down by IP address or give them usernames and passwords.

Done.

No one can access it and it wont be crawled.

[bqinternet]

Quote:

Originally Posted by auen1

I always thought that the Deep-net was a secret internet, separate from the surface internet and a place where things "behind closed doors" were conducted.

There are a few hosts on WHT that can get you an IP on the darknet, but you really shouldn't be talking about it in public. If the darknode route operators see it, you might end up on the Z-list.

[lynxus]

Quote:

Originally Posted by bqinternet

There are a few hosts on WHT that can get you an IP on the darknet, but you really shouldn't be talking about it in public. If the darknode route operators see it, you might end up on the Z-list.

/chuckle

Yeah and the internet umpa lumpas will kill you.

You could put your site inside the ToR network... But as mentioned.. Just add a damn htaccess and be done with it.

[auen1]

Quote:

Just put your site in a folder /mysite/

And add a .htaccess

Now either lock people down by IP address or give them usernames and passwords.

Done.

No one can access it and it wont be crawled.

I'm looking into your advice and now know a bit more. htaccess sounds like a very important tool, if you know how to use it.

I like the idea of "locking down people by IP"
Possibly have an example script that will do that?