Difference between revisions of "Darknet web development"

From Hidden Wiki
Line 489: Line 489:




Do the same job for "html2.conf" and "html3.conf".


Make symbolic links for "html1.conf" and "html2.conf" in "sites-enabled" directory.
 
Make symbolic links for "html1.conf", "html2.conf" and "html3.conf" in "sites-enabled" directory.


  ln -s /etc/apache2/sites-available/html1.conf /etc/apache2/sites-enabled/html1.conf
  ln -s /etc/apache2/sites-available/html1.conf /etc/apache2/sites-enabled/html1.conf
  ln -s /etc/apache2/sites-available/html2.conf /etc/apache2/sites-enabled/html2.conf
  ln -s /etc/apache2/sites-available/html2.conf /etc/apache2/sites-enabled/html2.conf
ln -s /etc/apache2/sites-available/html3.conf /etc/apache2/sites-enabled/html3.conf
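Review bot: the three ln -s commands in this hunk, including the new html3.conf one, stop with "File exists" if the step is run a second time, and a typo in either path leaves a dangling link that Apache only reports at restart. On Ubuntu, "a2ensite html3" creates the same link in sites-enabled and checks that the file exists in sites-available; consider using it here or naming it as the alternative.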




Line 506: Line 509:
  service apache2 restart
  service apache2 restart


And then connect your onion address. If it doesn't work, restart [[tor]].
And then try accessing to your onion address. If it doesn't work, restart [[Tor]].
  /etc/init.d/tor restart
  /etc/init.d/tor restart
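Review bot: the reworded sentence "And then try accessing to your onion address" is still ungrammatical ("accessing to"); suggest "Then try to access your onion address." In the same hunk Apache is restarted with "service apache2 restart" while Tor is restarted with "/etc/init.d/tor restart"; using one form for both would read more consistently.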



Revision as of 18:04, 14 June 2021


Darknet web development is web development on a darknet. Web programming is a part of web development.


A deepnet is a network that you cannot find by using search engines such as Google and DuckDuckGo.

The deep web is the web content of a deepnet.


The surface web is web content that you can find using search engines like Yahoo and StartPage.


A darknet is a network that you can connect to by using special encryption software like Tor, I2P or Freenet.

The dark web is the web content of a darknet.


Security

Block connection from surface web

If you use Apache and CentOS, you should edit the "httpd.conf" file. If you use Apache and Ubuntu, you have to edit the "ports.conf" file.


Go to "apache2" folder.

cd /etc/apache2/

Open ports.conf file.

vi ports.conf


Change the below two lines

#Listen 12.34.56.78:80
Listen 80

into the below four lines. They are just examples.

Listen 127.0.0.1:1001
Listen 127.0.0.1:1002
Listen 127.0.0.1:1003
#Listen 80

If you change the former into the latter, nobody can connect to your darknet website from the surface web. In other words, they cannot connect to your website using Google Chrome or Microsoft Internet Explorer.


nginx's setting is similar to Apache HTTP Server's.

Apache on Windows is similar to Apache on CentOS.


How the police got PlayPen's IP address

  • An Admin's Foolish Errors Helped the FBI Unmask Child Porn Site 'Playpen'

Unsealed documents show a misconfigured server and some poor opsec helped lead law enforcement to their target.

May 16 2016

Recently unsealed court documents reveal that “Playpen,” one of the largest and most infamous dark web child pornography sites, was shut down partly owing to its administrator's own mistakes.


“Due to a misconfiguration of the server hosting the TARGET WEBSITE [Playpen], the TARGET WEBSITE was available for access on the regular Internet to users who knew the true IP address of the server,” a search warrant application for intercepting communications on Playpen from February 2015 reads. The search warrant and other documents were unsealed in the case of Richard Stamper, who was arrested on suspicion of child pornography charges.


“Basically, Playpen must have set their [child pornography] site to [a] default [web server setting], meaning if you typed in the IP address you could see the Playpen site,” Thomas White, a UK-based activist and technologist, explained in an encrypted chat. “Whereas if they set another default like ‘server not found,’ then you could only access Playpen by typing the correct .onion address.” This means that law enforcement could verify that an IP address belonged to a specific site.


“An FBI Agent, acting in an undercover capacity, accessed IP address 192.198.81.106 on the regular Internet and resolved to TARGET WEBSITE,” the document continues. That address pointed to a server in North Carolina, hosted by a company called CentriLogic.

http://192.198.81.106/

https://motherboard.vice.com/read/an-admins-foolish-errors-helped-the-fbi-unmask-child-porn-site-playpen


  • How the FBI Located Suspected Admins of the Dark Web’s Largest Child Porn Site

The agency cooperated with a foreign law enforcement agency that had busted a second child pornography site.

Mar 2 2016

In February 2015, the Federal Bureau of Investigation launched an operation that was notable for two reasons: it was the largest known law enforcement hacking operation to date, and it entailed operating a child pornography website as a honeypot for 13 days.


But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.


The following month after the seizure, the FLA obtained an IP address for one of the moderators of this site by sending the target a link to a streaming video on an external website.


"If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA captured and recorded the IP address of the user accessing the file," the FBI complaint reads. Some of the related court documents were recently shared by a user on Reddit.


The video was configured in such a way that when it was opened, the target's computer would open up an internet connection outside of the anonymity network used by the child pornography site, "thereby allowing FLA to capture the user's actual IP address, as well as a session identifier to tie the IP address to the activity of a particular user account," the complaint continues. (The documents do not explicitly say whether this site was hosted on the Tor network, or another less popular network, such as I2P; it only refers to the website operating within "the Network".)


This IP address was then provided to the FBI, and led to David Lynn Browning of Kentucky. Browning, in addition to allegedly being a moderator of the child pornography site seized by the FLA, was suspected of being a moderator on Playpen, according to communications provided by the FLA to the FBI in April 2015. He was arrested in July 2015, according to court documents.


The FLA also obtained the IP address for Michael Fluckiger, a suspected moderator on the seized site and administrator on Playpen. The court documents do not say whether he was identified in the same fashion, however, and he was arrested in March 2015. In Fluckiger's complaint, the FBI mention that the FLA was able to obtain communications from another, third website, which was used as a chat room to discuss child pornography and exploitation.

https://motherboard.vice.com/read/how-the-fbi-identified-suspects-behind-the-dark-webs-largest-child-porn-site-playpen

Security for Apache

  • Apache server security: 10 tips to secure installation

OCTOBER 6, 2014

https://www.acunetix.com/blog/articles/10-tips-secure-apache-installation/


  • Apache Web Server Hardening & Security Guide

June 30, 2017

https://geekflare.com/apache-web-server-hardening-security/

Disable server-status module

This security tip applies only to Apache HTTP Server. "nginx" doesn't have this problem.


For example, if you open the

http://yourpussyis4rape.onion/server-status

page, you can see the server's information, much of it critical. If you access your darknet website from the surface web, you can see your IP address on this page!


Just by accessing http://yourpussyis4rape.onion/server-status , people can see a lot of information about the website, such as the type of operating system, the type and version of the server, the IP address of the person who accessed the server, and the IP address of each site's visitors if multiple websites are running on one server.


To prevent this on Ubuntu, go to the "mods-enabled" directory.

cd /etc/apache2/mods-enabled/

Open the status.conf file.

vi status.conf

Then find the line

LoadModule status_module /usr/lib/apache2/modules/mod_status.so

and put # in front of it,

#LoadModule status_module /usr/lib/apache2/modules/mod_status.so

so that the module is no longer loaded.


Or open the status.conf file

cd /etc/apache2/mods-enabled/
vi status.conf

and find the below text

       <Location /server-status>
               SetHandler server-status
               Require local
               #Require ip 192.0.2.0/24
       </Location>

and then put # in front of each line.

       #<Location /server-status>
               #SetHandler server-status
               #Require local
               #Require ip 192.0.2.0/24
       #</Location>

That way, all the lines become comments and have no effect.


Or simply run the below commands.

cd /etc/apache2/mods-enabled/
rm status*

This deletes both the "status.conf" and "status.load" files. These two files are symbolic links, and the original files are in the "mods-available" folder, so if you need them later, you can create the symbolic links again.


And restart Apache.

/etc/init.d/apache2 restart

Disable server-info module

If you append "server-info" to your address, like http://yourpussyis4rape.onion/server-info , and access it with a web browser, you can find various information such as the web server installation date, web server type (Apache) and version, operating system type, installed modules, etc.


On Ubuntu, "info.conf" is in "/etc/apache2/mods-available" but is not symbolically linked into "/etc/apache2/mods-enabled" by default, so the module is disabled. Therefore, even if you access http://yourpussyis4rape.onion/server-info , nothing will be displayed.


If you use CentOS, you should disable this module for security.
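One way to confirm that neither mod_status nor mod_info is active is to scan the enabled configuration for their directives; this is an added example, not part of the original page, and its function names and sample directory are constructed. Note that on an onion service "Require local" does not restrict /server-status, because the Tor daemon connects to Apache from 127.0.0.1.

```shell
#!/bin/sh
# Added example (not from the original page): list active mod_status and
# mod_info directives under an Apache configuration directory.

# active_info_leaks DIR
# Reads every *.conf and *.load file under DIR, following symbolic links as
# Apache does for mods-enabled on Ubuntu; a directory holding httpd.conf
# (CentOS) works the same way. Commented-out lines are ignored.
# Prints "file:line: directive" for each LoadModule of status_module or
# info_module and each SetHandler server-status or server-info.
active_info_leaks() {
    find -L "$1" -type f \( -name '*.conf' -o -name '*.load' \) -exec awk '
        /^[ \t]*#/ { next }
        { d = tolower($1) }
        d == "loadmodule" && $2 ~ /^(status|info)_module$/ {
            print FILENAME ":" FNR ": " $1 " " $2
        }
        d == "sethandler" && $2 ~ /^server-(status|info)$/ {
            print FILENAME ":" FNR ": " $1 " " $2
        }
    ' {} +
}

# write_apache_sample DIR
# Constructed sample that mirrors the Ubuntu layout described on this page:
# real files in mods-available, symbolic links in mods-enabled.
write_apache_sample() {
    mkdir -p "$1/mods-available" "$1/mods-enabled"
    echo 'LoadModule status_module /usr/lib/apache2/modules/mod_status.so' \
        > "$1/mods-available/status.load"
    printf '%s\n' '<Location /server-status>' '    SetHandler server-status' \
        '    Require local' '</Location>' > "$1/mods-available/status.conf"
    printf '%s\n' '<Location /server-info>' '    SetHandler server-info' \
        '</Location>' > "$1/mods-available/info.conf"
    ln -s ../mods-available/status.load "$1/mods-enabled/status.load"
    ln -s ../mods-available/status.conf "$1/mods-enabled/status.conf"
}

d=$(mktemp -d)
write_apache_sample "$d"
echo "enabled, before:"
active_info_leaks "$d/mods-enabled"
rm "$d"/mods-enabled/status*        # the "rm status*" step from this page
left=$(active_info_leaks "$d/mods-enabled" | wc -l | tr -d ' ')
echo "enabled, after: $left finding(s)"
rm -rf "$d"
```

On a real server, run `active_info_leaks /etc/apache2/mods-enabled` after the restart; empty output means neither handler is configured.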

VPS

First, you need a server to run your website. You can use your laptop or a Raspberry Pi, but using a VPS is better.


See Virtual private server to learn how to buy a cheap VPS with cryptocurrency.


You had better hide your real IP address with Tor or a VPN (virtual private network) when you access your VPS.


Access to VPS with Tor and SSH

When connecting to the VPS over SSH (Secure Shell Protocol), use the SOCKS5 proxy provided by Tor to hide your actual IP address. Once Tor is running on your own computer, open a terminal and input the below command.

ssh 123.123.123.123 -l root -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p"

After connecting, if you check the VPS server's log later, the IP address recorded for the connecting computer is not your actual IP address but the IP address of a Tor exit node.

Write the IP address of your VPS in place of 123.123.123.123. If you log in as "root", keep "root"; if you log in as a normal user, write your user name instead. Using an IP address rather than a website address such as rapevirgins.com or gangbanggirls.net to reach the VPS also prevents DNS leaks, a fairly serious security threat that can reveal a Tor user's true identity.


If you look in the server log, you will see a line like the below.

Feb 5 16:34:34 host-172-20-0-101 sshd[11269]: Accepted password for root from 65.19.167.131 port 22323 ssh2

If you look up 65.19.167.131, the IP address used for the connection, in Tor Atlas, you can see that it belongs to a Tor exit node.


Once Tor is installed on the server, you can configure SSH to be served through Tor and then connect to the .onion address. The SSH log then records the IP address of localhost, 127.0.0.1, as the visitor's IP address. Assuming your .onion address is fuckyourdaughter.onion, input the below command in the terminal.

ssh fuckyourdaughter.onion -l root -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p"

And then you can see the below message.

root@fuckyourdaughter.onion's password:

When it appears, enter the password to connect.

Last login: Sun Feb 5 20:47:10 2017 from 127.0.0.1

Finally, the above message will appear.


See the below link for more information.

  • How to set up a hidden Tor service or .onion website

February 7, 2017

https://www.comparitech.com/blog/vpn-privacy/how-to-set-up-a-tor-hidden-service/

MediaWiki

We will install MediaWiki on VPS. We assume that you use Ubuntu Linux and your server is also Ubuntu.


Download mediawiki-1.36.0.zip file from https://www.mediawiki.org/wiki/Download


SCP and SSH

Copy the "mediawiki-1.36.0.zip" file to your VPS using SCP (Secure copy protocol). Enter the below command in your terminal.

scp mediawiki-1.36.0.zip root@123.123.123.123:/var/www/

123.123.123.123 is your server's IP address. Replace it with your own IP address.


root@123.123.123.123's password: 

Enter your server's password.


Connect to your VPS via SSH (Secure Shell Protocol).

ssh root@123.123.123.123


root@123.123.123.123's password: 

Input your server's password.


Update the package list.

apt update

Install updated packages.

apt upgrade


Install Tor.

apt install tor


apache2 -v

Check your Apache HTTP Server version. If it isn't installed, install it.

apt install apache2


If you visit your IP address with Tor Browser, you can see the "Apache2 Ubuntu Default Page".


Check your PHP version.

php -v

If it isn't installed, install it.

apt install php


Check your MySQL or MariaDB's version.

mysql --version

If MySQL is installed, purge mysql-server. If there is mysql-client, purge it too.

apt purge mysql-server

If MariaDB isn't installed, install it.

apt install mariadb-server


If unzip isn't installed, install it.

apt install unzip


Extract mediawiki-1.36.0.zip file.

unzip mediawiki-1.36.0.zip


Change "mediawiki-1.36.0" directory's name to "html1".

mv mediawiki-1.36.0 html1

torrc

Install vi to edit text files. If you want, you can use Vim instead of vi.

apt install vi

Go to "tor" folder.

cd /etc/tor/ 


Open "torrc" file with vi.

vi torrc


How to use vi.

i - Insert at cursor (goes into insert mode)

a - Write after cursor (goes into insert mode)

ESC - Terminate insert mode.

:w - Save the file but keep it open

:q - Quit without saving

:wq - Save the file and quit


You can see the below text.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22


Change them like this.

HiddenServiceDir /var/lib/tor/hs1/
HiddenServicePort 80 127.0.0.1:1001

HiddenServiceDir /var/lib/tor/hs2/
HiddenServicePort 80 127.0.0.1:1002

HiddenServiceDir /var/lib/tor/hs3/
HiddenServicePort 80 127.0.0.1:1003

Move with the arrow keys and edit the text after pressing the "i" or "a" key.

After editing, press "Esc" and input :wq to save it.


Restart Tor with the below command.

/etc/init.d/tor restart

onion address

Go to "hs1", "hs2" and "hs3" folders to see your onion addresses.

cd /var/lib/tor
cd hs1
vi hostname

And quit vi without saving.

Esc
:q

Install modules

Install MySQL module for PHP.

apt install php-mysql


Install PHP module for Apache.

apt install libapache2-mod-php


Restart Apache HTTP Server.

service apache2 restart


ports.conf

Go to "apache2" folder.

cd /etc/apache2/

Open ports.conf file.

vi ports.conf


Find the below text

#Listen 12.34.56.78:80
Listen 80

or

Listen 80

It means that the port 80 is open.


And change it to the below text.

Listen 127.0.0.1:1001
Listen 127.0.0.1:1002
Listen 127.0.0.1:1003
#Listen 80


If other ports besides 1001 or 1002 are open, as in the below text,

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

comment them out so that they have no effect.

#<IfModule ssl_module>
#        Listen 443
#</IfModule>

#<IfModule mod_gnutls.c>
#        Listen 443
#</IfModule>


And save it.

Esc
:wq


Restart Apache.

service apache2 restart

From now on, your website can't be accessed by its IP address.
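The loopback binding from this section and the port mapping from the "torrc" section can be cross-checked with a short script. This is an added example, not part of the original page; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check that every Apache Listen
# line is loopback-only and that every onion service port has one behind it.

# exposed_listens PORTS_CONF
# Print active Listen lines not bound to 127.x.x.x or [::1]. A bare port such
# as "Listen 80" or "Listen 443" (also inside <IfModule>) binds all interfaces.
exposed_listens() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) != "listen" { next }
        $2 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ { next }
        $2 ~ /^\[::1\]:[0-9]+$/ { next }
        { print FNR ": " $1 " " $2 }
    ' "$1"
}

# unbacked_onion_ports TORRC PORTS_CONF
# Print HiddenServicePort lines whose target has no identical Listen line.
# Handles "VIRTPORT", "VIRTPORT PORT" and "VIRTPORT ADDR:PORT"; unix: socket
# targets are skipped.
unbacked_onion_ports() {
    awk -v ports="$2" '
        /^[ \t]*#/ { next }
        FILENAME == ports { if (tolower($1) == "listen") listen[$2] = 1; next }
        tolower($1) == "hiddenserviceport" {
            target = (NF >= 3) ? $3 : $2
            if (target ~ /^unix:/) next
            if (target !~ /:/) target = "127.0.0.1:" target
            if (!(target in listen)) print FNR ": " $1 " " $2 " -> " target
        }
    ' "$2" "$1"
}

# audit TORRC PORTS_CONF: print the findings, return 1 if there are any.
audit() {
    exposed=$(exposed_listens "$2")
    unbacked=$(unbacked_onion_ports "$1" "$2")
    [ -z "$exposed" ] || printf 'not loopback-only (%s):\n%s\n' "$2" "$exposed"
    [ -z "$unbacked" ] || printf 'no Listen behind (%s):\n%s\n' "$1" "$unbacked"
    [ -z "$exposed$unbacked" ]
}

# write_samples DIR: constructed files modelled on the text of this page.
write_samples() {
    printf '%s\n' 'HiddenServiceDir /var/lib/tor/hs1/' \
        'HiddenServicePort 80 127.0.0.1:1001' \
        'HiddenServiceDir /var/lib/tor/hs2/' \
        'HiddenServicePort 80 127.0.0.1:1002' > "$1/torrc"
    printf '%s\n' 'Listen 80' '<IfModule ssl_module>' '        Listen 443' \
        '</IfModule>' > "$1/ports.before"
    printf '%s\n' 'Listen 127.0.0.1:1001' 'Listen 127.0.0.1:1002' '#Listen 80' \
        '#<IfModule ssl_module>' '#        Listen 443' '#</IfModule>' \
        > "$1/ports.after"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit "$tmp/torrc" "$tmp/ports.before" || echo "before the edit: FAIL"
audit "$tmp/torrc" "$tmp/ports.after" && echo "after the edit: OK"
rm -rf "$tmp"
```

On a real server the call is `audit /etc/tor/torrc /etc/apache2/ports.conf`.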

Virtual host

Go to "sites-available" directory.

cd /etc/apache2/sites-available/


Copy the 000-default.conf file into three files named "html1.conf", "html2.conf" and "html3.conf".

cp 000-default.conf html1.conf
cp 000-default.conf html2.conf
cp 000-default.conf html3.conf


Open html1.conf file.

vi html1.conf


You can see the below text.

<VirtualHost *:80>
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Move with arrow keys and input "i" or "a" to edit it. Change the above text into the below text.


<VirtualHost 127.0.0.1:1001>
        ServerName rapeyourdaughter.onion

        #ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html1

        ErrorLog ${APACHE_LOG_DIR}/error1.log
        CustomLog ${APACHE_LOG_DIR}/access1.log vhost_combined
</VirtualHost>


rapeyourdaughter.onion is just an example. Replace it with your own onion address.


Save it.

Esc
:wq


Do the same for "html2.conf" and "html3.conf".


Make symbolic links for "html1.conf", "html2.conf" and "html3.conf" in "sites-enabled" directory.

ln -s /etc/apache2/sites-available/html1.conf /etc/apache2/sites-enabled/html1.conf
ln -s /etc/apache2/sites-available/html2.conf /etc/apache2/sites-enabled/html2.conf
ln -s /etc/apache2/sites-available/html3.conf /etc/apache2/sites-enabled/html3.conf


And then delete the symbolic link for "000-default.conf".

cd ../sites-enabled
rm 000-default.conf 


Restart Apache.

service apache2 restart

And then try accessing your onion address. If it doesn't work, restart Tor.

/etc/init.d/tor restart


And don't put https into the onion address. Your current onion address works only with HTTP. If you want to use HTTPS, you need to do more setup to make it work.

Install mbstring, xml, and intl

Now you can try to install MediaWiki but you will see the below error message.

MediaWiki 1.36 internal error

Installing some PHP extensions is required.
Required components

You are missing a required extension to PHP that MediaWiki requires to run. Please install:

    mbstring (more information)
    xml (more information)
    intl (more information)


Install mbstring, xml, and intl.

apt search mbstring
apt install php-mbstring
apt search php-xml
apt install php-xml
apt search php-intl
apt install php-intl

When you don't know the exact name of the package, you can "search" it.


Restart Apache.

service apache2 restart


MariaDB

Install MariaDB.

mysql_secure_installation


Enter current password for root (enter for none):

Press "Enter" key.

Set root password? [Y/n]:

y

New password:

password for using as database root

Re-enter new password:

Input the password one more time

Remove anonymous users? [Y/n]:

y

Disallow root login remotely? [Y/n]:

y

Remove test database and access to it? [Y/n]:

y

Reload privilege tables now? [Y/n]:

y


It is finished.


Make DB for wiki

Log in to MariaDB.

mysql -u root -p

Then the below message will be shown.

Enter password: 

If you don't have any password for root (of database), just press "Enter" key.


Show database list.

show databases;

Create a DB named "dbname".

create database dbname;


Delete a DB named "dbname".

drop database dbname;


Quit DBMS.

exit


If you don't add ; after a command, you will see the below prompt.

-> 

You can't exit from this state. Input ; and press the "Enter" key to leave it.


You can't use the DB's root username and password for MediaWiki. You have to create another user.


CREATE DATABASE wikidb;
CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'wikipass';
GRANT ALL PRIVILEGES ON wikidb.* TO 'wikiuser'@'localhost' WITH GRANT OPTION;

I use capital letters for the commands, but lower case is okay.

Change "wikidb" to your desired database name, "wikiuser" to your desired username, and "wikipass" to your desired password.


If you omit ' when you type the above command you will see the below text

'>

instead of the below text.

-> 

Input ' and press "Enter" key to escape it.


  • What does the ( ' > ) symbol mean in the command line in MySQL?

2013-07-09

https://stackoverflow.com/questions/17538549/what-does-the-symbol-mean-in-the-command-line-in-mysql

Install MediaWiki

You will see the below text when you install MediaWiki.

Database host: localhost
Database name (no hyphens): my_wiki
Database table prefix (no hyphens):
Database username: root
Database password:

If "localhost" doesn't work, replace it with "127.0.0.1".

Fill the blanks like the below text. Replace them with your own username and password.

Database host: localhost
Database name (no hyphens): wikidb
Database table prefix (no hyphens):
Database username: wikiuser
Database password: wikipass


Upload files

Download MobileFrontend extension file from https://www.mediawiki.org/w/index.php?title=Extension:MobileFrontend ( https://www.mediawiki.org/wiki/Special:ExtensionDistributor/MobileFrontend ).


Upload "LocalSettings.php", "favicon.ico", "logo.gif", "MobileFrontend-REL1_36-f78273c.tar.gz" files to your VPS.

scp LocalSettings.php root@123.123.123.123:/var/www/html1/
scp favicon.ico root@123.123.123.123:/var/www/html1/
scp logo.gif root@123.123.123.123:/var/www/html1/resources/assets/logo.gif
scp MobileFrontend-REL1_36-f78273c.tar.gz root@123.123.123.123:/var/www/html1/extensions/


Connect to your server via SSH.

ssh root@123.123.123.123


Go to "extensions" directory.

cd /var/www/html1/extensions/


Extract "MobileFrontend-REL1_36-f78273c.tar.gz" file.

tar -xzf MobileFrontend-REL1_36-f78273c.tar.gz -C /var/www/html1/extensions/


For more detail, see MediaWiki.

TinyIB

Download tinyib-master.zip from https://gitlab.com/tslocum/tinyib


Send tinyib-master.zip to VPS.

scp tinyib-master.zip root@123.123.123.123:/var/www/

Move to "www" directory.

cd /var/www/

Extract tinyib-master.zip file.

unzip tinyib-master.zip 

Change "tinyib-master" folder's name to "html2".

mv tinyib-master html2


Edit torrc and ports.conf files. And go to "sites-available" folder and edit VirtualHost in html2.conf file.


Download "settings.default.php" file.

scp root@123.123.123.123:/var/www/html2/settings.default.php /home/username/

Replace "username" with your user name.

Edit "settings.php" file. See TinyIB for more details.

jschan

See jschan to know how to install it on VPS.

See also