no CDNs as it leads to tracking by CDNs.

Close your port 22 at least. Define some simple iptables rules.

Only able to login if coming from specific ip address, like a private vpn server.

I thought whois guard wasn't allowed by .in? I'm using Namecheap and it isn't possible for my .in but I'd like to add it if some other registrars allow this. Anyone have to registrar to recommend besides gandhi?

Gandi is the best. Although you pay for their no bullshit, and sometimes they won't let you do (questionable) things that other registrars allow.

I'm assuming that means they somehow allow .in regstration to use their WHOIS guard? This conflicts with their published list of WHOIS guard compatible domains [0].

[0]: http://wiki.gandi.net/en/domains/private-registration/gandi-...

They don't, afaik.

Note: there is a website that shows the real ip addresses of (some?) cloudflare customers: http://www.crimeflare.com/cfs.html

Yeah, anyone who moves to Cloudflare (or any service that happens to hide origin server IPs) should then change their origin IPs.

Not everyone has got the memo on that.

Is old whois data cached? If you launch without whois privacy and turn it on later, can someone go back in history and still find the registrant?

As a side note, maybe someone like archive.org should keep time series whois data...

> can someone go back in history and still find the registrant?

Yes, there are some services which offer this, e.g.:

http://www.domainhistory.net/skytorrents.in

Will Cloudflare work for this kind of stuff? I assume you guys comply with DMCA takedowns and things?

Yeah the whois thing should be done ASAP before you start to take on more users.