I ended up on Piwigo. It’s pretty fully featured and allows you to set up access controls for groups. Also has client apps.

I don’t really understand this reply and why this is a shower thought.

But, I take it back. Clearly not a pastor or sermon. Sorry, my bad…

https://lemmy.world/pictrs/image/b6781fe4-3459-42bf-adce-b9e26f7078b1.jpeg

Is this one of those “how do you do fellow kids” accounts made by a very young looking , middle aged pastor attempting to infiltrate social media?

https://m.youtube.com/watch?v=C-q4bEULG64

Tim Minchin has a couple that’d entertain me.

Woody Allen Jesus (from memory this got cut from the original broadcast?) - https://m.youtube.com/watch?v=_SFdUJLebzU

A serious take on the season…

White Wine in the Sun - https://youtu.be/_CeY0VdhXK8

These are fully stand alone. Downloadable. So not strictly hosted I guess?

Does it need to be “hosted”?

I like both these:

yEd (https://www.yworks.com/products/yed)

Dia Diagrams (http://dia-installer.de)

I think yEd had a free version but closed source.

Yeah, it depends on what you mean.

In many cases malware and phishing is hosted off other compromised sites. So, they build a list of Wordpress sites with vulnerabilities, and use the vulnerabilities to host their files on them. For example, imagine “legitimate-medical-site.net.com” is a real site. The attacker will use the exploit to upload malicious files in there somewhere like “legitimate-medical-site. net. com/qwertasdf/invoice.pdf”.

If the site gets blocked or shutdown it’s no loss to them.

Another technique, especially phishing wise, they will have a semi-plausible domain name (e.g. youbank-security-server .con). But they will register heaps of these. There are tonnes of top level domains that do next to no checking. These things cost a few bucks, so having it taken down is not a problem.

The combination of burner sites and domains mean they have a window of opportunity to run their attacks and scams before other protections kick in.