[{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/categories/automation/","section":"Categories","summary":"","title":"Automation","type":"categories"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/cent-os/","section":"Tags","summary":"","title":"Cent OS","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/cloudflare/","section":"Tags","summary":"","title":"Cloudflare","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/ddns/","section":"Tags","summary":"","title":"DDNS","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/debian/","section":"Tags","summary":"","title":"Debian","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/dynamic-dns/","section":"Tags","summary":"","title":"Dynamic DNS","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/","section":"Esad Cetiner","summary":"","title":"Esad Cetiner","type":"page"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/free/","section":"Tags","summary":"","title":"Free","type":"tags"},{"content":"Do you want to host a website at home, or run your own personal cloud with Nextcloud? Chances are, you have a dynamic IP address assigned from your ISP. A common issue with running services at home is having to frequently update your DNS records whenever your IP address changes, luckily with Dynamic DNS (DDNS) this can be automated. Cloudflare offers a powerful API that allows us to automate various tasks such as updating what IP address our DNS records point to, a github user has written a shell script that lets us take advantage of Cloudflare\u0026rsquo;s API without having to write any code!\nPrerequisites # You must own a domain name. You must either have your DNS Nameservers pointed to Cloudflare or use Cloudflare as a domain registrar. You must have a Linux Server that\u0026rsquo;s running at home. Linux Fundamentals Networking Fundamentals. Downloading the script # To download the script, first make sure you have git installed and then git clone the script.\nUbuntu / Debian # sudo apt install git RHEL / Cent OS # sudo yum install git Cloning the repository # git clone https://github.com/K0p1-Git/cloudflare-ddns-updater That\u0026rsquo;s it for now, we have to create an API token to use this script.\nGetting our API token and Zone ID # To get your API token go to https://dash.cloudflare.com, log in, and then click your domain name, in my case this is ecetiner.com. You\u0026rsquo;ll then want to look for \u0026ldquo;Get your API Token\u0026rdquo; at the very bottom right of your screen, I\u0026rsquo;ve included a screenshot as it can be hard to find for some people. Right above \u0026ldquo;Get your API Token\u0026rdquo; You\u0026rsquo;ll see your Zone ID, copy and save it as we\u0026rsquo;ll need it for the script to work.\nNext under API Token you want to click \u0026ldquo;Create Token\u0026rdquo; then under \u0026ldquo;Edit DNS Zone\u0026rdquo; click \u0026ldquo;Use Template\u0026rdquo;. Your token\u0026rsquo;s permissions should look like mine.\nAfter that you\u0026rsquo;ll want to click \u0026ldquo;Continue to summary\u0026rdquo; then \u0026ldquo;Create Token\u0026rdquo;. Your token will be displayed and a curl command will be provided which lets you test the API token. Make sure you keep the token somewhere safe and don\u0026rsquo;t publish it on the internet as it can negatively impact your security. If your token is missing or was compromised, then you can \u0026ldquo;roll\u0026rdquo; the token which will generate a new one and invalidate the old one.\nConfiguring the script # Go back to your server and cd into cloudflare-ddns-updater.\ncd cloudflare-ddns-updater/ Open the file cloudflare-template.sh with a text editor, nano is a good beginner friendly text editor.\nnano cloudflare-template.sh Once you open the file you\u0026rsquo;ll be shown some lines that you\u0026rsquo;ll need to be configure, enter whatever value is relevant for your use case within the quotation marks then save and exit. The table below will guide you on how to fill it out.\nSetting Description auth_email Put the email address that is used to log into Cloudflare. auth_method Set this value to token. auth_key You put the API token that we generated earlier here, Go back to “Getting our API token” if you do not have a API token. zone_identifier Put your Zone ID here, go back to “Getting our API token” if you don’t know what yours is. record-name Add your DNS record name here, subdomain.example.com or example.com go here. ttl How long (In seconds) a change in your DNS will take effect, set this to 60 so your DNS record can update quickly. proxy If you want to proxy your website through Cloudflare set this to true, Otherwise set it to false. Testing the script # To test the script, update the DNS record you want DDNS for and set it to an invalid IP address (For example 1.1.1.1). Make sure you wait a few minutes for the change to propagate. Check with dig to see if your DNS is invalid.\ndig a example.com ; \u0026lt;\u0026lt;\u0026gt;\u0026gt; DiG 9.18.1-1ubuntu1.2-Ubuntu \u0026lt;\u0026lt;\u0026gt;\u0026gt; a example.com ;; global options: +cmd ;; Got answer: ;; -\u0026gt;\u0026gt;HEADER\u0026lt;\u0026lt;- opcode: QUERY, status: NOERROR, id: 22899 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 3600 IN A 93.184.216.34 ;; Query time: 320 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP) ;; WHEN: Fri Jan 13 04:26:46 AEDT 2023 ;; MSG SIZE rcvd: 56 Once your DNS record has propigated, run the script, wait a few minutes then check again with dig. Your IP address should be your home IP address now.\nsudo bash cloudflare-template.sh Create a cronjob to auto run the script # Now that we have a functioning script, we need to setup a cronjob so it runs automatically every minute. After all, nobody wants to have to run the script manually everytime something breaks!\ncrontab -e Copy paste the following and replace /path/to/script with the location to your script.\n*/1 * * * * bash /path/to/script/cloudflare-template.sh That\u0026rsquo;s all there is to it, you\u0026rsquo;ve now setup DDNS with Cloudflare and your DNS records will be automatically updated as your IP address changes!\n","date":"12 January 2023","externalUrl":null,"permalink":"/linux/fast-dynamic-dns-with-cloudflare/","section":"Posts","summary":"Do you want to host a website at home, or run your own personal cloud with Nextcloud? Chances are, you have a dynamic IP address assigned from your ISP. A common issue with running services at home is having to frequently update your DNS records whenever your IP address changes, luckily with Dynamic DNS (DDNS) this can be automated. Cloudflare offers a powerful API that allows us to automate various tasks such as updating what IP address our DNS records point to, a github user has written a shell script that lets us take advantage of Cloudflare’s API without having to write any code!\n","title":"Free dynamic DNS with Cloudflare","type":"post"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/guide/","section":"Tags","summary":"","title":"Guide","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/how-to/","section":"Tags","summary":"","title":"How To","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/categories/linux/","section":"Categories","summary":"","title":"Linux","type":"categories"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/linux/","section":"Tags","summary":"","title":"Linux","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/categories/networking/","section":"Categories","summary":"","title":"Networking","type":"categories"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/rhel/","section":"Tags","summary":"","title":"RHEL","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"12 January 2023","externalUrl":null,"permalink":"/tags/ubuntu/","section":"Tags","summary":"","title":"Ubuntu","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/brute-force/","section":"Tags","summary":"","title":"Brute Force","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/crowdsec/","section":"Tags","summary":"","title":"CrowdSec","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/firewall/","section":"Tags","summary":"","title":"Firewall","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/reduce-attack-surface/","section":"Tags","summary":"","title":"Reduce Attack Surface","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/secure/","section":"Tags","summary":"","title":"Secure","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/categories/security/","section":"Categories","summary":"","title":"Security","type":"categories"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/categories/servers/","section":"Categories","summary":"","title":"Servers","type":"categories"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/ssh/","section":"Tags","summary":"","title":"SSH","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/ssh-keys/","section":"Tags","summary":"","title":"SSH Keys","type":"tags"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/ufw/","section":"Tags","summary":"","title":"UFW","type":"tags"},{"content":"SSH is a popular tool for remotely managing Servers and networking equipment, it\u0026rsquo;s;s installed and enabled by default on every single Linux/BSD-based server. Since SSH is so widely used in many environments, it has become an obvious and easy target for many threat actors. If something goes wrong with SSH, things can go wrong quickly, making it an especially valuable target.\nRequired Knowledge # Linux Fundamentals Networking fundamentals Testing and backups # Before making any configuration changes to your Server, you should first test these changes in a testing environment. If all goes well, backup your production server and then apply your changes.\nPatch, Patch, Patch # This really should go without saying, but make sure you always install the latest security updates for any kind of software installed on your server. Patching protects your system against known security vulnerabilities. You should set up automatic patching using tools like unattended-upgrades to help stay on top on all of the latest security updates. I will write a future blog post that will cover unattended-upgrades.\nFirewalling SSH # Firewalls work by filtering IP addresses, ports, and protocols, they can be a lightweight, simple and yet effective tool for preventing attacks. Most saine firewalls will block all incoming traffic by default, so you\u0026rsquo;ll need to create allow rules to allow the traffic you need. So for example if you have a HTTP server then you need to open port 80 and 443 in your firewall, port 25 for an email server, etc. The trick here is to not just open port 22 for SSH, but only allow a handful of IP addresses to access port 22 and block everybody else. Just by doing this alone, your already making it extremely difficult for anybody to even talk to your SSH server. Good luck trying to break in if you can\u0026rsquo;t even talk to SSH.\nInstalling UFW # I\u0026rsquo;ll be using UFW firewall as an example since it\u0026rsquo;s easy to use, but feel free to use other firewalls.\nUbuntu / Debain # sudo apt update sudo apt install ufw RHEL / Cent OS # sudo dnf install ufw Creating UFW firewall rules # UFW already denies all incoming connections by default, so all you need to do is create your allow rules for SSH.\nNote: To allow a range or group of IP addresses, add a CIDR notation at the end of an IP address i.e: 10.0.0.1/24\nsudo ufw allow in from your-ip to any port 22 proto tcp To allow all IP addresses to access port 22, use this command:\nWarning: This leave port 22 wide open to the internet and provides no security for SSH\nsudo ufw allow in from any to any port 22 proto tcp To allow access to other services to your server, say for example your running NGINX you\u0026rsquo;ll need to create the following allow rules so others can access your website:\nsudo ufw allow in from any to any port 80 proto tcp sudo ufw allow in from any to any port 443 Once your done, double check you created all the rules you need with sudo ufw status\nEnabling UFW # Once you have added all of the firewall rules you need, enable UFW with the sudo ufw enable command.\nWARNING: Make sure you created an allow rule for SSH before enabling the firewall to avoid locking youself out.\nSecure Authentication # Weak passwords and authentication is by far one of the biggest reason any kind of server gets compromised, this isn\u0026rsquo;t helped by the fact strong and unique passwords are difficult to remember. This can be solved by using SSH keys, they\u0026rsquo;re easy to use, next to impossible to guess, and you can even login without a password! The only relatively small problem you\u0026rsquo;ll have to worry about is someone stealing your SSH key, but you can password protect the key to buy you time to change it.\nNOTE: Using passwords for SSH is fine as long as you have a secure password, but SSH keys are easier to use.\nGenerating SSH Keys # To generate an SSH key, just run the ssh-keygen -t ed25519 command, you can optionally protect it with a password if you wish.\nUploading your public key to the SSH Server # Once you\u0026rsquo;ve generated your SSH key you\u0026rsquo;ll need to upload it to the server, this process is slightly different depending on what your computer\u0026rsquo;s operating system is.\nLinux # On Linux this can be done with one command:\nssh-copy-id username@your-server-ip Windows Clients # Copying SSH keys from a Windows computer is a bit tricker than Linux. First, we\u0026rsquo;ll have to manually create the SSH folder with the correct permissions on the server and then upload our key.\nmkdir -p ~/.ssh chmod 0700 ~/.ssh Once you have created the folder and assigned it the correct permissions, use the SCP command to upload the key.\nscp $env:USERPROFILE/.ssh/id_ed25519.pub username@your-server-ip:~/.ssh/authorized_keys Logging into your Server with a SSH key # From now on you should be able to log into SSH without a password (If you didn\u0026rsquo;t set one) as long as you have your SSH key stored in your home directory\u0026rsquo;s .ssh folder.\nDisabling Password Authentication # Once all user accounts use SSH keys, disable password authentication to take advantage of the security improvements that come with SSH Keys. Create a drop-in file for SSH called 10-harden.conf under /etc/ssh/sshd_config.d/.\nsudo mkdir -p /etc/ssh/sshd_config.d/ /etc/ssh/ssh_config.d/ sudo nano /etc/ssh/sshd_config.d/10-harden.conf sudo ln -s /etc/ssh/sshd_config.d/10-harden.conf /etc/ssh/ssh_config.d/10-harden.conf Then add the following:\nPasswordAuthentication no PubkeyAuthentication yes Restart SSH # To apply your changes, restart SSH:\nsudo sshd -t \u0026amp;\u0026amp; systemctl restart ssh Brute Force Protection # A brute force attack is essentially an attack where somebody tries to guess your password, you can stop these attacks using a tool like CrowdSec is a log analysis tool that protects against SSH brute force attacks by banning the offending IP address, it can detect other attacks such as DDoS, XSS, SQLi, web based scanners and SSH exploitation attempts but for now I\u0026rsquo;ll be covering SSH.\nInstalling CrowdSec # CrowdSec is primarily made up of 2 components, the Security Engine (detects attacks) and the Remediation Component (blocks attacks). CrowdSec is currently not included in any official repositories, so we must first install the official CrowdSec repository, then we\u0026rsquo;ll install the CrowdSec Security Engine and Remediation Component. The Security Engine and Remediation Component is smart enough to auto-configure itself to detect and block attacks so we don\u0026rsquo;t have to do anything else. In most cases all you need to do is just run two commands.\nDebian / Ubuntu # curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash sudo apt install crowdsec crowdsec-firewall-bouncer-iptables RHEL / Cent OS # curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash sudo yum install crowdsec crowdsec-firewall-bouncer-iptables Impossible Travel and Successful brute force attacks (Optional) # In addition to brute force attacks, CrowdSec can detect \u0026ldquo;Impossible Travel\u0026rdquo; and Successful brute force attacks on SSH. The installation method is similar to manually configuring SSH for CrowdSec. However, you can shoot yourself in the foot if you don\u0026rsquo;t know what you\u0026rsquo;re doing. I won\u0026rsquo;t cover how to set it up here, but if you\u0026rsquo;re interested you can see how to do so here.\nReduce attack surface # Attack Surface is essentially all of the ways you can be hacked. Generally, the more complex a system is, the more features it has, the more likely it is to have a security vulnerability and therefore experience a security incident. It\u0026rsquo;s impossible to have no attack surface, but you can reduce it to ensure there are no unnecessary risks. SSH already has a pretty small attack surface, but we can further reduce it by disabling insecure and unnecessary features.\nDisable unnecessary features # Create an SSH drop-in file (If you haven\u0026rsquo;t already).\nsudo mkdir -p /etc/ssh/sshd_config.d/ /etc/ssh/ssh_config.d/ sudo nano /etc/ssh/sshd_config.d/10-harden.conf sudo ln -s /etc/ssh/sshd_config.d/10-harden.conf /etc/ssh/ssh_config.d/10-harden.conf Then add the following settings.\nNote: Some of these suggestions may break certain functionality within SSH, take a look at the table below to see what changes you may want to make then test it to make sure nothing is broken!\nConfiguration Description X11 Forwarding Enable/disable GUI over SSH with X11 Server. GatewayPorts Used for port forwarding over SSH PermitTunnel Used for port forwarding over SSH AllowTcpForwarding Used to port forward TCP ports over SSH. If you are using a database GUI program or similar to access an database on the server, then setting this to no may break it. Try setting this to local first before leaving it to a default value (yes). AllowStreamLocalForwarding Used for port forwarding over SSH Protocol There are two versions of SSH, V1, and V2. V2 is considered more secure and V1 is not supported. If your SSH client/server doesn\u0026rsquo;t support SSHv2 then you really should update it. PermitEmptyPasswords If set to no, this will disable SSH login for user accounts without a password. LoginGraceTime How long to wait for an SSH client to log in before disconnecting them. MaxAuthTries How many failed login attempts are allowed before being disconnected, this can help slow down brute force attacks by acting as an rate-limit. StrictModes If set to yes, an SSH user won\u0026rsquo;t log in an user if their SSH folder has insecure permissions (i.e rwx 777) Compression Enable/disable compression of SSH messages. Limiting SSH Users # You can also limit the users and user groups that can login via SSH. This is useful to prevent SSH logins from an account that shouldn\u0026rsquo;t be accessed over SSH, typically caused by a misconfiguration.\nAllowUsers exampleuser exampleuser1 AllowGroups examplegroup examplegroup1 Disabling Root Login # Sometimes people might suggest disabling root login for SSH and to use a sudo user to login instead, but this actually doesn\u0026rsquo;t have any security benefit in many cases. If you are the only one that\u0026rsquo;s maintaining the server then using the root account is fine. If multiple people are logging into the server then you should use sudo account so you can have better control over user accounts and permissions.\nPermitRootLogin no Restart SSH # Restart SSH to apply your changes.\nsudo sshd -t \u0026amp;\u0026amp; systemctl restart ssh ","date":"14 September 2022","externalUrl":null,"permalink":"/linux/ultimate-guide-to-securing-ssh/","section":"Posts","summary":"SSH is a popular tool for remotely managing Servers and networking equipment, it’s;s installed and enabled by default on every single Linux/BSD-based server. Since SSH is so widely used in many environments, it has become an obvious and easy target for many threat actors. If something goes wrong with SSH, things can go wrong quickly, making it an especially valuable target.\nRequired Knowledge # Linux Fundamentals Networking fundamentals Testing and backups # Before making any configuration changes to your Server, you should first test these changes in a testing environment. If all goes well, backup your production server and then apply your changes.\n","title":"Ultimate guide to securing SSH","type":"post"},{"content":"","date":"14 September 2022","externalUrl":null,"permalink":"/tags/vpn/","section":"Tags","summary":"","title":"VPN","type":"tags"},{"content":"Esad Cetiner is a student, computer and security enthusiast interested in Linux, Server Administration, Digital Privacy and Security. He likes to write beginner friendly blog posts about things he\u0026rsquo;s learned to help others in their journey. Esad is an OWASP CRS developer, and a maintainer/author of 3rd party plugins for OWASP CRS (roundcube-rule-exclusions-plugin, sogo-rule-exclusions-plugin, iredadmin-rule-exclusions-plugin, plausible-rule-exclusions-plugin).\nSkills # Ansible Apache AppArmor Bash Scripting Cisco IOS Cloudflare CrowdSec Intrusion Prevention Email Postfix, Dovecot and iRedMail Network and host based Firewalls Github Linux Ubuntu / Debian ModSecurity WAF Nextcloud Nginx Proxmox Virtualization TCP / IP Networking Ubiquiti Networks SDN VLANs Wazuh WordPress Education: # Certificate 2 Computer Assembly and Repair Certificate 4 Computer Systems Technology Cisco CCNA Introduction to Networks Cisco IT Essentials Cisco Introduction to Cybersecurity Cisco Cybersecurity Essentials Experience: # OWASP CRS Developer (2024 - Now) Personal Homelab (late 2021 - Now) ","externalUrl":null,"permalink":"/about/","section":"Esad Cetiner","summary":"Esad Cetiner is a student, computer and security enthusiast interested in Linux, Server Administration, Digital Privacy and Security. He likes to write beginner friendly blog posts about things he’s learned to help others in their journey. Esad is an OWASP CRS developer, and a maintainer/author of 3rd party plugins for OWASP CRS (roundcube-rule-exclusions-plugin, sogo-rule-exclusions-plugin, iredadmin-rule-exclusions-plugin, plausible-rule-exclusions-plugin).\nSkills # Ansible Apache AppArmor Bash Scripting Cisco IOS Cloudflare CrowdSec Intrusion Prevention Email Postfix, Dovecot and iRedMail Network and host based Firewalls Github Linux Ubuntu / Debian ModSecurity WAF Nextcloud Nginx Proxmox Virtualization TCP / IP Networking Ubiquiti Networks SDN VLANs Wazuh WordPress Education: # Certificate 2 Computer Assembly and Repair Certificate 4 Computer Systems Technology Cisco CCNA Introduction to Networks Cisco IT Essentials Cisco Introduction to Cybersecurity Cisco Cybersecurity Essentials Experience: # OWASP CRS Developer (2024 - Now) Personal Homelab (late 2021 - Now) ","title":"About","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"Esad Cetiner can be contacted using the form below, you’ll receive an reply via email. Please make sure all communications are written in English.\nName * Email address * Subject * Message * Send message ","externalUrl":null,"permalink":"/contact/","section":"Esad Cetiner","summary":"Esad Cetiner can be contacted using the form below, you’ll receive an reply via email. Please make sure all communications are written in English.\nName * Email address * Subject * Message * Send message ","title":"Contact","type":"page"},{"content":" What is ecetiner.com and where does this privacy policy apply? # The domain ecetiner.com is owned by Esad Cetiner, this privacy policy applies to ecetiner.com along with all of it\u0026rsquo;s subdomains.\nAnalytics # If you are visiting ecetiner.com then a self hosted instance of Plausible Analytics is used to collect analytics (Such as what pages were visited and how this site was found), this data is not shared with 3rd parties.\nWhat data is collected # Depending on how you interact with ecetiner.com, the following data is collected:\nYour public IP address. What pages you have visited. Information about your Browser such as the User-Agent. Your name, email address, and messages sent via a contact form. In the event of abuse being detected, the entire network request is logged. Data you choose to store on Esad\u0026rsquo;s private services. Only the absolute bare minimum data required is collected (Including security related data) for this website and it\u0026rsquo;s private services to operate.\nHow is your data protected # Your data is protected via a defense in depth strategy using industry standard security hardening and best practices such as Encryption, IDS/IPS, Firewalls, Sandboxing, AAA (Authentication, Authorization and Accounting) and general configuration hardening. Data that is no longer required is automatically deleted after some time, any security related information (Such as firewall logs) may be kept for longer (A few years).\nWhat rights do I have over my data? # If you are just visiting the blog and sending messages via the contact form, then none. If you’ve been given access to a private service provided by Esad Cetiner then you retain full ownership over any data you store, however Esad Cetiner is able to see all data stored on his servers. You may request to have your account and data deleted at any time.\nWho your data is shared with and why # Data is only shared with 3rd parties under the following circumstances:\nWhen sending a message via the contact form, your message is sent to Akismet for spam detection. Triggering the firewall (Such as via an cyber attack) of this website will result in basic information such as your IP address and attack scenario being sent to CrowdSec. Completing any Captchas will result in information being sent to Cloudflare to determine if you are human. How long your data is retained # Security related data such as Firewall logs, and suspicious events will be kept for around a year. Most data will typically be removed after 3 months. If your utilizing Esad’s private server’s then data is typically removed after a month of being deleted, taking into account automated backups.\n","externalUrl":null,"permalink":"/privacy-policy/","section":"Esad Cetiner","summary":"What is ecetiner.com and where does this privacy policy apply? # The domain ecetiner.com is owned by Esad Cetiner, this privacy policy applies to ecetiner.com along with all of it’s subdomains.\nAnalytics # If you are visiting ecetiner.com then a self hosted instance of Plausible Analytics is used to collect analytics (Such as what pages were visited and how this site was found), this data is not shared with 3rd parties.\nWhat data is collected # Depending on how you interact with ecetiner.com, the following data is collected:\n","title":"Privacy Policy","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]