1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure and/or Encrypted Server and Domain Registrar

Discussion in 'Black Hat SEO' started by ameristand, Mar 26, 2010.

  1. ameristand

    ameristand Newbie

    Joined:
    Dec 2, 2009
    Messages:
    7
    Likes Received:
    4
    Hi Everyone. I have been around for a little while browsing the forums soaking in all the info. So, officially hello to everyone.

    I have a question. I am interested in knowing if anyone can recommend a hosting provider who offers encrypted servers or will not respond to government or court requests. I have tried searching but have not found anything that is exactly what I am looking for (maybe I am blind).

    To be a little more specific, I am looking for someone who can provide the ability so that the information I have stored in the databases can either not be accessed by anyone, even the hosting provider (because it is encrypted) or will not be disclosed by the hosting provider even from a government request.

    In short I am looking to have a website hosted in country x but the database that holds all customer information in country y on a server that is either encrypted or would not be disclosed (or both).

    Any suggestions would be greatly appreciated. Price is not necessarily an issue provided the solution is trustworthy, good and proven. Privacy and security for our clients and us in imperative.

    Also looking for a secure domain registrar that would not yield to government inquiries. If there are any suggestions it would also be very helpful.

    Again thank you for any help that may be provided.
     
  2. 9errors

    9errors Newbie

    Joined:
    Nov 2, 2008
    Messages:
    29
    Likes Received:
    4
    Occupation:
    Self Employed
    you need hardware security module in order to achieve what you want. everything is stored in the a hardware security appliance. any external force trying to open the appliance will immediately erase all security keys stored within it. only a master secure card can access the data inside, and you keep the card with you. only trusted application can access the appliance for encryption and decryption operation.

    such an appliance is not cheap. the development effort would be considerably huge depending on how secure you want to protect your data.

    such appliance tend to have strict export law. you might need to present a lot of documents just to purchase it.

    also, it does not warrant full security as the application is the weakest link. cos after all, it has access to the appliance. hacking the application will gain access to the encrypted data.
     
    • Thanks Thanks x 1
  3. neuromancerx

    neuromancerx Registered Member

    Joined:
    Feb 6, 2010
    Messages:
    55
    Likes Received:
    13
    Location:
    internets
    build your own $300 openbsd encrypted server with separate pf firewall, then google how warez piracy topsites and carders hide their shit. i wouldn't trust any host if what you're doing draws serious attention. (see hushmail getting raided)

    you can register anonymous domains and nameservers/SSL in russia easily http://anonym.to/?http://www.reg.ru/en/index or even yohost.org is good. why do you want a database full of customer information? you should only need their email address after payment for whatever your doing.
     
    • Thanks Thanks x 1
    Last edited: Mar 26, 2010
  4. 9errors

    9errors Newbie

    Joined:
    Nov 2, 2008
    Messages:
    29
    Likes Received:
    4
    Occupation:
    Self Employed
    agreed. there are no true security. there will always be 1 password that is in plain and just riding on the application that can decrypt the data will allow anybody to have full access to it.

    even a secure premises isn't that secure cos you still need to get an internet connection.

    it boils down to how many hops it takes to trace down to the root.
     
  5. neuromancerx

    neuromancerx Registered Member

    Joined:
    Feb 6, 2010
    Messages:
    55
    Likes Received:
    13
    Location:
    internets
    full disk encryption is subject to a ton of indirect attacks, google how hacker Max Ray Vision had his 5TB carding database broken by the FBI because he used full disk.

    encrypt directories or partitions instead. better yet keep zero information and run everything anonymously
     
  6. ameristand

    ameristand Newbie

    Joined:
    Dec 2, 2009
    Messages:
    7
    Likes Received:
    4
    Thanks for all the info and help. Unfortunately we need to keep the info on record somewhere so just not keeping the info is not an option. I am going to look at yohost as suggested in the meantime and put some thought into hosting the info on my own encrypted machine perhaps.
     
  7. neuromancerx

    neuromancerx Registered Member

    Joined:
    Feb 6, 2010
    Messages:
    55
    Likes Received:
    13
    Location:
    internets
    there's articles in 2600 magazine that teach you how to hide data in the streams of mp3 files.

    then you just spread those files around anonymously throughout the internet on secure servers. many 'in plain view hiding' type options available. but this of course depends what you need (instant access to database?).

    encrypting the data before backing it up to a virtual private server would work. you could use GPG, then store it offshore. just make sure to never decrypt on the VPS because they can easily capture your passwords and this has happened plenty of times, especially with go-daddy