Futunk is a creative project of Rob Kaper, hereinafter also referred to as "Futunk", "we", "us".
The plural pronouns are boilerplate language covering both the project and its creator, even though the project is developed by a single individual.
Despite Futunk's informal nature, I want to assure you that I've taken dedicated measures to ensure the security of both the website and its hosting server. Your privacy and safety are vital concerns.
Best Practices Practised
- Up-to-date software packages
- SSH access by key only
- Firewall with aggressive fail2ban rules
- Transport Layer Security Authentication (TLSA)
- Sender Policy Framework (SPF)
- Domain-based Message Authentication, Reporting and Conformance (DMARC)
- DomainKeys Identified Mail (DKIM)
- Content Security Policy (CSP)
- Cookies with the Secure and SameSite attributes, encrypted (SHA256)
- HTTP Strict Transport Security (HSTS), included in Chrome's HSTS preload list
- Subresource Integrity (SRI)
- Uploads and software resources not in public document root
- User input validation/sanitisation, SQL injection prevention, user content output sanitisation
- Passwords stored as SHA512 hashes with salt and pepper to prevent rainbow table attacks
While these measures are in place, there's always room for improvement. I'm actively considering further enhancements, such as isolating the web server from other services like DNS and SMTP.
Results are valid as of 6 August 2023.