Boyah Forums

General => The Lobby => Topic started by: rdl on February 03, 2017, 11:59:59 PM

Title: need advice from the elitest hackers
Post by: rdl on February 03, 2017, 11:59:59 PM
hello hackers,

so i need to create this resource that has people's names and contact info (email, phone) and general location (city) in it. however i need to protect these people's info from people who might want to harass them. its apparently happened before. how can i do this while still making it a public resource?

all i can think of is just have login identification, so that if anybody does leak it to people with bad intentions we can try to figure out who gave someone their login. but i dont want to make people have to create an account because then they'll never use it. i was like, maybe there's something we can do with encryption but if it's a public resource then, not really.

can you have something private that doesn't require login? i dont think so. maybe keep it unlisted and off of google and just pass the link out to specific people? idek.

fug
Title: Re: need advice from the elitest hackers
Post by: Daddy on February 04, 2017, 12:21:10 AM
Put it on a website that is only accessible from certain IP ranges (ideally the ranges used by internal computers + external computers on your company's VPN) though it doesn't stop malicious internal users from leaking that data.

By public resource, do you mean "general public" or just public as per not-restricted to employees of your company.

General public, the best you can probably do is put the page on a robots.txt and hope that it doesn't get hit by scrapers/crawlers that ignore robots.txt

Putting it on robots.txt also tells anyone "hey there's something we dont' want indexed on this page lol".


Alternatively, load the page with no identifying informaiton, put a captcha, and then don't use robots.txt  Nothing interesting will come up when indexed, it won't stand out in robots.txt and it will require human interaction to actually view the data.

Again, someone who knows what theyre looking for won't be stopped.
Title: Re: need advice from the elitest hackers
Post by: rdl on February 04, 2017, 12:34:18 AM
it's a list of sources for journalists akudood;

so thats going to be anywhere from national outfits to local newspapers. trying to access it, looking for a source. and this will (supposedly) go national/international so while their current plan is to just use google forms, im trying to see what other options we have to at least try to protect people.
Title: Re: need advice from the elitest hackers
Post by: Daddy on February 04, 2017, 12:38:53 AM
Some sort of obfuscation (javascript, images instead of text) could also do the trick though in the end, anyone who wants to dox someone on the list and knows it exists, won't be stopped if they can find the page.
Title: Re: need advice from the elitest hackers
Post by: rdl on February 13, 2017, 04:08:24 PM
;_;

yeah so the solution ended up being just setting up a google drive account with two factor authentication that manually approves who has access. id still like to log who logged in when, so best i can do is catch ip's using a script, or a script that automatically adds a blank space character anytime someone opens the doc. that ties things up pretty well.

now i feel like a dumb idiot because i had everyone jumping down the omg infosec lets have everyone set up accounts and remember new passwords rabbit hole and now i have to tell everyone that lol uh achtually we just need to set up a gmail account and manually verify. obviously.

at least im not getting paid for this
Title: Re: need advice from the elitest hackers
Post by: C.Mongler on February 13, 2017, 07:23:02 PM
who cares news is fake anyway
Title: Re: need advice from the elitest hackers
Post by: rdl on February 19, 2017, 02:13:45 PM
yay my solution was approved, now we just need the executive director to give me the green light and we're good. we're like almost a month behind schedule though lol oops
Title: Re: need advice from the elitest hackers
Post by: rdl on March 01, 2017, 08:29:17 PM
welp this launches tomorrow. its not totally bad guy proof so hopefully we don't get anybody attacked or anything. tho im more pissed about being unemployed than that, oddly enough. normally this would be nerve wracking.
Title: Re: need advice from the elitest hackers
Post by: strongbad on March 03, 2017, 09:42:07 AM
Step 1: buy mechanical keyboard
Title: Re: need advice from the elitest hackers
Post by: Daddy on March 03, 2017, 10:22:33 AM
Quote from: antmaster5000 on March 03, 2017, 09:42:07 AM
Step 1: buy mechanical keyboard
I have one
Title: Re: need advice from the elitest hackers
Post by: Hiro on March 09, 2017, 12:06:29 PM
you done
Title: Re: need advice from the elitest hackers
Post by: rdl on March 09, 2017, 12:39:17 PM
yeah