IMPORTANT-READ ReBreached - Launch - forum OPSEC details
ReBreached Forums (https://rebreached.vc), Forum: General, Forum: Announcements
ReBreached - Launch - forum OPSEC details - ReBreached - 06-28-2023

Welcome to Rebreached Forum
We aim to offer more transparent security, so below are our OPSEC details
OPSEC
- Forums and host
  - Forum is running as a container isolated from host to simplify migration to other hosts (in case), backup, defense and mitigate damage.
  - Forum is behind double reverse proxies
    - Close-end acting as web application firewall (WAF)
    - Far-end managing traffic throttling, basic security, cache, authorizing sensitive endpoints
  - Host server is behind Cloudflare and it will simply drop all side connections
  - Users' IP addresses are not logged in the forum's database, and all records are removed within a week from other log files
  - Email is not required to be confirmed [can use a total fake email]
  - SSH to host server will only allow TOR traffic to establish connection, forcing anonymity for system administrators and making it harder for brute force attacks.
  - Host system and system services are auto updated
  - Host real IP is masked using multiple techniques, and SSL fingerprinting is minimized by issuing HTTP certs via DNS challenges
  - Eventually domain name could (or will) be banned by provider, therefore backup clear net and darknet domains are in place.
  - Auto backup (ENABLED) - But on the host, not the application level (Because it's vulnerable)
- CDN
  - The file servers are still not protected as well as the forums, however we have some tricks in our pockets
  - The file download and validation mechanism is built from scratch and therefore it's a black box
  - Traffic is forced through Cloudflare
  - Real IPs are not masked but will be soon
  - SSH via TOR only
  - Auto update and upgrade (ENABLED)
- Admin access
  - We are humans and so we understand that we need to eliminate human error factor, of course to protect ourselves, but more importantly protect the project.
  - Dedicated end points. So, no gaming, no chilling, no nothing on our endpoints except for this work only.
  - Dedicated accounts to null all possible correlation. We use Stack Overflow using a unique dedicated username on it. And same for ChatGPT by the way.
  - No direct admin access, neither on our endpoint nor on servers, there has to be extra authentication and authorization before any root level operation.
  - Always on TOR & VPN on our endpoints and MIFIs
  - Open or private wifi connection; in the extremely unlikely case of tracing our IP address it won't lead anywhere useful.
  - No single point of failure, in case someone was run under the bus
  - Rotate keys, IPs, providers, servers, freelancers. Don't trust any tool for too long.
- Future plans and notes
  - Distribute hosting the forums on multiple host servers (Better redundancy and backup) leveraging k8s, and database replication.
  - Use more hidden network services (like I2P and Loki) to promote more anonymity
  - Distribute CDN onto a cluster of servers
  - Rotating unnecessary data (ex: delete messages within a window of a month) to minimise the damage of any breach that could happen in future.
  - Enable bittorrent download of files. But probably we'll have to encrypt zip files to make our providers happy
  - Move away from MyBB as it is fragile by design (many plugins, themes, backend, etc.)
  - Note: Cloudflare is playing a major role but we recognize that they are basically just MITM and we have to move away.
  - Note: unfortunately the first people to attack us (and make us stronger) were the people supposed to support us, and thus the use for this many firewalls
- Obvious ones
  - Database is protected with its own user and password, and its network port is private
  - HTTPS traffic is enforced with 301 redirect for the clear net, and an onion link is advertised for better privacy
  - Payments are only accepted in Crypto coins (Monero is recommended) and to the public advertised addresses (Don't get yourself phished)

Please read the rules, contribute and enjoy your time here.

RE: ReBreached - Launch - forum OPSEC details - Omnipotent - 07-10-2023
(06-28-2023, 02:33 PM)ReBreached Wrote:
Let's go brother

RE: ReBreached - Launch - forum OPSEC details - 666 - 07-13-2023
Exciting.
Looking forward to doing business on here

RE: ReBreached - Launch - forum OPSEC details - ReBreached - 07-13-2023
@666 Thank you, looking forward to hosting you :)

RE: ReBreached - Launch - forum OPSEC details - An0nPr1v - 07-15-2023
Great place, thanks
Looking forward to the onion/I2P service

RE: ReBreached - Launch - forum OPSEC details - 911 - 07-15-2023
Slay em, keep it up

RE: ReBreached - Launch - forum OPSEC details - FNFA - 07-23-2023
LETS GO

RE: ReBreached - Launch - forum OPSEC details - ther0ck - 07-23-2023
Goo! Looking forward to doing business on here

RE: ReBreached - Launch - forum OPSEC details - hero007 - 07-25-2023
good start thanks

RE: ReBreached - Launch - forum OPSEC details - 0x25 - 07-25-2023
Let's go