Darknet web development
Darknet web development is web development on the darknet. Web programming is a part of web development.
Deepnet is a network that you cannot find by using search engines such as Google and DuckDuckGo.
Deep web is the web content of the deepnet.
Surface web is web content that you can find by using search engines like Yahoo and StartPage.
Darknet is a network that you can connect to by using special encryption software such as Tor, I2P, or Freenet.
Dark web is the web content of the darknet.
Security
Block connection from surface web
If you use Apache on CentOS, you should edit the "httpd.conf" file. If you use Apache on Ubuntu, you have to edit the "ports.conf" file.
Go to "apache2" folder.
cd /etc/apache2/
Open ports.conf file.
vi ports.conf
Change the below two lines
#Listen 12.34.56.78:80
Listen 80
into the below four lines. They are just examples.
Listen 127.0.0.1:1001
Listen 127.0.0.1:1002
Listen 127.0.0.1:1003
#Listen 80
After this change, nobody can connect to your darknet website from the surface web. In other words, they cannot connect to your website using Google Chrome or Microsoft Internet Explorer.
nginx's setting is similar to Apache HTTP Server's.
Apache on Windows is similar to Apache on CentOS.
How the police got PlayPen's IP address
- An Admin's Foolish Errors Helped the FBI Unmask Child Porn Site 'Playpen'
Unsealed documents show a misconfigured server and some poor opsec helped lead law enforcement to their target.
May 16 2016
Recently unsealed court documents reveal that “Playpen,” one of the largest and most infamous dark web child pornography sites, was shut down partly owing to its administrator's own mistakes.
“Due to a misconfiguration of the server hosting the TARGET WEBSITE [Playpen], the TARGET WEBSITE was available for access on the regular Internet to users who knew the true IP address of the server,” a search warrant application for intercepting communications on Playpen from February 2015 reads. The search warrant and other documents were unsealed in the case of Richard Stamper, who was arrested on suspicion of child pornography charges.
“Basically, Playpen must have set their [child pornography] site to [a] default [web server setting], meaning if you typed in the IP address you could see the Playpen site,” Thomas White, a UK-based activist and technologist, explained in an encrypted chat. “Whereas if they set another default like ‘server not found,’ then you could only access Playpen by typing the correct .onion address.” This means that law enforcement could verify that an IP address belonged to a specific site.
“An FBI Agent, acting in an undercover capacity, accessed IP address 192.198.81.106 on the regular Internet and resolved to TARGET WEBSITE,” the document continues. That address pointed to a server in North Carolina, hosted by a company called CentriLogic.
- How the FBI Located Suspected Admins of the Dark Web’s Largest Child Porn Site
The agency cooperated with a foreign law enforcement agency that had busted a second child pornography site.
Mar 2 2016
In February 2015, the Federal Bureau of Investigation launched an operation that was notable for two reasons: it was the largest known law enforcement hacking operation to date, and it entailed operating a child pornography website as a honeypot for 13 days.
But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.
The following month after the seizure, the FLA obtained an IP address for one of the moderators of this site by sending the target a link to a streaming video on an external website.
"If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA captured and recorded the IP address of the user accessing the file," the FBI complaint reads. Some of the related court documents were recently shared by a user on Reddit.
The video was configured in such a way that when it was opened, the target's computer would open up an internet connection outside of the anonymity network used by the child pornography site, "thereby allowing FLA to capture the user's actual IP address, as well as a session identifier to tie the IP address to the activity of a particular user account," the complaint continues. (The documents do not explicitly say whether this site was hosted on the Tor network, or another less popular network, such as I2P; it only refers to the website operating within "the Network".)
This IP address was then provided to the FBI, and led to David Lynn Browning of Kentucky. Browning, in addition to allegedly being a moderator of the child pornography site seized by the FLA, was suspected of being a moderator on Playpen, according to communications provided by the FLA to the FBI in April 2015. He was arrested in July 2015, according to court documents.
The FLA also obtained the IP address for Michael Fluckiger, a suspected moderator on the seized site and administrator on Playpen. The court documents do not say whether he was identified in the same fashion, however, and he was arrested in March 2015. In Fluckiger's complaint, the FBI mention that the FLA was able to obtain communications from another, third website, which was used as a chat room to discuss child pornography and exploitation.
Security for Apache
- Apache server security: 10 tips to secure installation
OCTOBER 6, 2014
https://www.acunetix.com/blog/articles/10-tips-secure-apache-installation/
- Apache Web Server Hardening & Security Guide
June 30, 2017
https://geekflare.com/apache-web-server-hardening-security/
Disable server-status module
This security tip applies only to Apache HTTP Server. "nginx" doesn't have this problem.
For example, if you connect
http://yourpussyis4rape.onion/server-status
page, you can see the server's information, which includes a lot of critical information. If you access your darknet website from the surface web, you can see your IP address on this page!
Just by accessing http://yourpussyis4rape.onion/server-status , people can see a lot of information of the website, such as the type of operating system, type and version of the server, IP address of the person who accessed the server, and IP address of each site's visitor if multiple web sites are running on one server.
To prevent this on Ubuntu, move to the "mods-enabled" directory
cd /etc/apache2/mods-enabled/
and open the status.conf file.
vi status.conf
Then find the line
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
and put # in front of it
#LoadModule status_module /usr/lib/apache2/modules/mod_status.so
so that the module is no longer loaded.
Or open the status.conf file
cd /etc/apache2/mods-enabled/
vi status.conf
and find the below text
<Location /server-status>
    SetHandler server-status
    Require local
    #Require ip 192.0.2.0/24
</Location>
and then put # in front of each line.
#<Location /server-status>
#SetHandler server-status
#Require local
#Require ip 192.0.2.0/24
#</Location>
That way, all of the lines become comments and have no effect.
Or simply run the below commands.
cd /etc/apache2/mods-enabled/
rm status*
This deletes both the "status.conf" and "status.load" files. These two files are symbolic links, and the original files are in the "mods-available" folder, so if you need them later, you can create the symbolic links again.
And restart Apache.
/etc/init.d/apache2 restart
Disable server-info module
If you attach "server-info" after your address like http://yourpussyis4rape.onion/server-info and access it with a web browser, you can find various information such as the web server installation date, web server type (Apache) and version, operating system type, installed modules, etc.
On Ubuntu, "info.conf" is in "/etc/apache2/mods-available" but is not symbolically linked into "/etc/apache2/mods-enabled" by default, so the module is disabled. Therefore, even if you access http://yourpussyis4rape.onion/server-info , nothing is displayed.
If you use CentOS, you should disable this module for security.
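Tor hands every request to Apache from 127.0.0.1, so a "Require local" rule on the status or info handler admits every onion visitor. The check below is an added example, not part of the original page; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find mod_status / mod_info handlers that loopback clients
# (and therefore every onion visitor) are still allowed to reach.

# Print "<path> <handler>" for each active <Location> block that sets the
# server-status or server-info handler and either has no Require rule or
# has one that admits 127.0.0.1 (Require local, all granted, ip 127.x).
onion_reachable_handlers() {   # $@ = Apache config files to scan
    awk '
        /^[ \t]*#/ { next }                       # commented-out line
        tolower($1) == "<location" {
            path = $2; gsub(/[">]/, "", path)
            handler = ""; seen = 0; admit = 0
        }
        tolower($1) == "sethandler" && $2 ~ /^server-(status|info)$/ {
            handler = $2
        }
        tolower($1) == "require" {
            seen = 1
            rule = tolower($2 " " $3)
            if (rule ~ /^local/ || rule == "all granted" ||
                rule ~ /^ip (127\.|::1)/)
                admit = 1
        }
        tolower($1) == "</location>" {
            if (handler != "" && (!seen || admit)) print path, handler
            handler = ""
        }' "$@"
}

# Constructed sample files (not from a real host).
sample=$(mktemp -d)
cat > "$sample/status.conf" <<'EOF'
<Location /server-status>
    SetHandler server-status
    Require local
    #Require ip 192.0.2.0/24
</Location>
EOF
cat > "$sample/info.conf" <<'EOF'
<Location /server-info>
    SetHandler server-info
    Require ip 192.0.2.0/24
</Location>
EOF
cat > "$sample/disabled.conf" <<'EOF'
#<Location /server-status>
#SetHandler server-status
#Require local
#</Location>
EOF
onion_reachable_handlers "$sample"/*.conf
```

On Ubuntu, `a2dismod status` removes both "mods-enabled" symbolic links in one step.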
VPS
First, you need a server to run your website. You can use your laptop or a Raspberry Pi, but using a VPS is better.
See Virtual private server to know how to buy a cheap VPS with cryptocurrency.
You'd better hide your real IP address with Tor or a VPN (virtual private network) when you access your VPS.
Access to VPS with Tor and SSH
When connecting to the VPS using SSH (Secure Shell Protocol), use the SOCKS5 proxy provided by Tor to hide your actual IP address. Once you turn on Tor on your own computer, go to the terminal and input the below command.
ssh 123.123.123.123 -l root -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p"
After connecting, if you check the VPS server's log later, the IP address recorded for the connecting computer is not your actual IP address but the IP address of a Tor exit node.
Replace 123.123.123.123 with the IP address of your VPS. If you log in as root, keep "root"; if you log in as another user, write that user name instead. If you use an IP address instead of a website address such as rapevirgins.com or gangbanggirls.net to access the VPS, you prevent a DNS leak, a fairly serious security threat that can reveal a Tor user's true identity.
If you look in the server log, you will see a line like the one below.
Feb 5 16:34:34 host-172-20-0-101 sshd[11269]: Accepted password for root from 65.19.167.131 port 22323 ssh2
If you look up the IP address 65.19.167.131 used for the connection in Tor Atlas, you can see that it belongs to a Tor exit node.
Once Tor is installed on the server, you can configure SSH to connect to Tor, and then connect to the .onion address. Then the SSH log records the localhost IP address, 127.0.0.1, as the visitor's IP address. Assuming your .onion address is fuckyourdaughter.onion, input the below command in the terminal.
ssh fuckyourdaughter.onion -l root -o ProxyCommand="nc -X 5 -x localhost:9150 %h %p"
Then the below prompt appears.
root@fuckyourdaughter.onion's password:
Enter the password to connect. Finally, the below message appears.
Last login: Sun Feb 5 20:47:10 2017 from 127.0.0.1
See the below link for more information.
- How to set up a hidden Tor service or .onion website
February 7, 2017
https://www.comparitech.com/blog/vpn-privacy/how-to-set-up-a-tor-hidden-service/
MediaWiki
We will install MediaWiki on VPS. We assume that you use Ubuntu Linux and your server is also Ubuntu.
Download mediawiki-1.36.0.zip file from https://www.mediawiki.org/wiki/Download
SCP and SSH
Copy "mediawiki-1.36.0.zip" file to your VPS by using SCP (Secure copy protocol). Enter the below command to your terminal.
scp mediawiki-1.36.0.zip root@123.123.123.123:/var/www/
123.123.123.123 is your server's IP address. Replace it with your own IP address.
root@123.123.123.123's password:
Enter your server's password.
Connect to your VPS via SSH (Secure Shell Protocol).
ssh root@123.123.123.123
root@123.123.123.123's password:
Input your server's password.
Update the package list.
apt update
Install updated packages.
apt upgrade
Install Tor.
apt install tor
Check your Apache HTTP Server version.
apache2 -v
If it isn't installed, install it.
apt install apache2
If you visit your IP address with Tor Browser, you can see "Apache2 Ubuntu Default Page".
Check your PHP version.
php -v
If it isn't installed, install it.
apt install php
Check your MySQL or MariaDB's version.
mysql --version
If MySQL is installed, purge mysql-server. If there is mysql-client, purge it too.
apt purge mysql-server
If MariaDB isn't installed, install it.
apt install mariadb-server
If unzip isn't installed, install it.
apt install unzip
Extract mediawiki-1.36.0.zip file.
unzip mediawiki-1.36.0.zip
Change "mediawiki-1.36.0" directory's name to "html1".
mv mediawiki-1.36.0 html1
torrc
Install vi to edit text files. If you want, you can use Vim instead of vi.
apt install vi
Go to "tor" folder.
cd /etc/tor/
Open "torrc" file with vi.
vi torrc
How to use vi.
i - Insert at cursor (goes into insert mode)
a - Write after cursor (goes into insert mode)
ESC - Terminate insert mode.
:w - Save the file but keep it open
:q - Quit without saving
:wq - Save the file and quit
You can see the below text.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
Change them to the below text.
HiddenServiceDir /var/lib/tor/hs1/
HiddenServicePort 80 127.0.0.1:1001
HiddenServiceDir /var/lib/tor/hs2/
HiddenServicePort 80 127.0.0.1:1002
HiddenServiceDir /var/lib/tor/hs3/
HiddenServicePort 80 127.0.0.1:1003
Move with the arrow keys and edit the text by pressing the "i" or "a" key.
After editing, press "Esc" and input :wq to save it.
Restart Tor with the below command.
/etc/init.d/tor restart
onion address
Go to "hs1", "hs2" and "hs3" folders to see your onion addresses.
cd /var/lib/tor
cd hs1
vi hostname
And quit vi without saving.
Esc :q
Install modules
apt install php-mysql
Install PHP module for Apache.
apt install libapache2-mod-php
Restart Apache HTTP Server.
service apache2 restart
ports.conf
Go to "apache2" folder.
cd /etc/apache2/
Open ports.conf file.
vi ports.conf
Find the below text
#Listen 12.34.56.78:80
Listen 80
or
Listen 80
It means that port 80 is open.
Change it to the below text.
Listen 127.0.0.1:1001
Listen 127.0.0.1:1002
Listen 127.0.0.1:1003
#Listen 80
If ports other than 1001 or 1002 are open, as in the below text,
<IfModule ssl_module>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
comment them out so that they have no effect.
#<IfModule ssl_module>
#    Listen 443
#</IfModule>
#<IfModule mod_gnutls.c>
#    Listen 443
#</IfModule>
And save it.
Esc :wq
Restart Apache.
service apache2 restart
From now on, your website cannot be accessed by its IP address.
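The check below is an added example, not part of the original page. It verifies the result of this step and of the "Block connection from surface web" section by listing any Listen directive that is still bound to a non-loopback address and any HiddenServicePort target in torrc that Apache does not serve. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check Apache "Listen" lines against torrc.

# Print every active Listen address that is not bound to loopback.
# A bare "Listen 80" or "Listen 443" binds all interfaces.
exposed_listens() {            # $1 = ports.conf (or httpd.conf)
    awk '
        { sub(/#.*/, "") }     # ignore commented-out directives
        tolower($1) == "listen" && NF >= 2 {
            if ($2 !~ /^127\.[0-9.]+:[0-9]+$/ && $2 !~ /^\[::1\]:[0-9]+$/)
                print $2
        }' "$1"
}

# Print the local target of every active HiddenServicePort line.
# Handles the "VIRTPORT", "VIRTPORT PORT" and "VIRTPORT ADDR:PORT" forms.
onion_targets() {              # $1 = torrc
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "hiddenserviceport" && NF >= 2 {
            t = (NF >= 3) ? $3 : $2
            if (t !~ /:/) t = "127.0.0.1:" t
            print t
        }' "$1"
}

# Print onion targets that no Apache Listen directive serves.
unserved_targets() {           # $1 = torrc, $2 = ports.conf
    listens=$(awk '{ sub(/#.*/, "") } tolower($1) == "listen" { print $2 }' "$2")
    onion_targets "$1" | while read -r t; do
        printf '%s\n' "$listens" | grep -qxF -- "$t" || printf '%s\n' "$t"
    done
}

# Constructed sample files (not from a real host): a stray "Listen 443"
# and an onion service whose backend port Apache does not serve.
sample=$(mktemp -d)
cat > "$sample/ports.conf" <<'EOF'
Listen 127.0.0.1:1001
Listen 127.0.0.1:1002
#Listen 80
<IfModule ssl_module>
    Listen 443
</IfModule>
EOF
cat > "$sample/torrc" <<'EOF'
HiddenServiceDir /var/lib/tor/hs1/
HiddenServicePort 80 127.0.0.1:1001
HiddenServiceDir /var/lib/tor/hs3/
HiddenServicePort 80 127.0.0.1:1003
EOF
echo "exposed:  $(exposed_listens "$sample/ports.conf")"
echo "unserved: $(unserved_targets "$sample/torrc" "$sample/ports.conf")"
```

Both functions print nothing when every listener is on loopback and every onion target has a matching listener.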
Virtual host
Go to "sites-available" directory.
cd /etc/apache2/sites-available/
Copy the 000-default.conf file into three files named "html1.conf", "html2.conf" and "html3.conf".
cp 000-default.conf html1.conf
cp 000-default.conf html2.conf
cp 000-default.conf html3.conf
Open html1.conf file.
vi html1.conf
You can see the below text.
<VirtualHost *:80>
    #ServerName www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Move with the arrow keys and input "i" or "a" to edit it. Change the above text into the below text.
<VirtualHost 127.0.0.1:1001>
    ServerName rapeyourdaughter.onion
    #ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html1
    ErrorLog ${APACHE_LOG_DIR}/error1.log
    CustomLog ${APACHE_LOG_DIR}/access1.log vhost_combined
</VirtualHost>
rapeyourdaughter.onion is just an example. Replace it with your own onion address.
Save it.
Esc :wq
Do the same job for "html2.conf" and "html3.conf".
Make symbolic links for "html1.conf", "html2.conf" and "html3.conf" in the "sites-enabled" directory.
ln -s /etc/apache2/sites-available/html1.conf /etc/apache2/sites-enabled/html1.conf
ln -s /etc/apache2/sites-available/html2.conf /etc/apache2/sites-enabled/html2.conf
ln -s /etc/apache2/sites-available/html3.conf /etc/apache2/sites-enabled/html3.conf
And then delete the symbolic link for "000-default.conf".
cd ../sites-enabled
rm 000-default.conf
Restart Apache.
service apache2 restart
And then try accessing your onion address. If it doesn't work, restart Tor.
/etc/init.d/tor restart
And don't put https into the onion address. Your current onion address works only with HTTP. If you want to use HTTPS, you need to do more setup to make it work.
Install mbstring, xml, and intl
Now you can try to install MediaWiki but you will see the below error message.
MediaWiki 1.36 internal error
Installing some PHP extensions is required.
Required components
You are missing a required extension to PHP that MediaWiki requires to run. Please install:
mbstring (more information)
xml (more information)
intl (more information)
Install mbstring, xml, and intl.
apt search mbstring
apt install php-mbstring
apt search php-xml
apt install php-xml
apt search php-intl
apt install php-intl
When you don't know the exact name of the package, you can "search" it.
Restart Apache.
service apache2 restart
MariaDB
Install MariaDB.
mysql_secure_installation
Enter current password for root (enter for none):
Press "Enter" key.
Set root password? [Y/n]:
y
New password:
password for using as database root
Re-enter new password:
Input the password one more time
Remove anonymous users? [Y/n]:
y
Disallow root login remotely? [Y/n]:
y
Remove test database and access to it? [Y/n]:
y
Reload privilege tables now? [Y/n]:
y
It finished.
Make DB for wiki
Login to MariaDB.
mysql -u root -p
Then the below message will be shown.
Enter password:
If you don't have any password for root (of database), just press "Enter" key.
Show database list.
show databases;
Create a DB named "dbname".
create database dbname;
Delete a DB named "dbname".
drop database dbname;
Quit DBMS.
exit
If you don't add ; after command, you can see the below special characters.
->
You can't exit from this. Input ; and press "Enter" key to quit it.
You can't use DB's root username and password for MediaWiki. You have to make another username.
CREATE DATABASE wikidb;
CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'wikipass';
GRANT ALL PRIVILEGES ON wikidb.* TO 'wikiuser'@'localhost' WITH GRANT OPTION;
I use capital letters for the commands, but lower case is okay.
Change "wikidb" to your desired database name, "wikiuser" to your desired username, and "wikipass" to your desired password.
If you omit ' when you type the above command you will see the below text
'>
instead of the below text.
->
Input ' and press "Enter" key to escape it.
- What does the ( ' > ) symbol mean in the command line in MySQL?
2013-07-09
https://stackoverflow.com/questions/17538549/what-does-the-symbol-mean-in-the-command-line-in-mysql
Install MediaWiki
You will see the below text when you install MediaWiki.
Database host: localhost
Database name (no hyphens): my_wiki
Database table prefix (no hyphens):
Database username: root
Database password:
If "localhost" doesn't work, replace it with "127.0.0.1".
Fill in the blanks like the below text. Replace them with your own username and password.
Database host: localhost
Database name (no hyphens): wikidb
Database table prefix (no hyphens):
Database username: wikiuser
Database password: wikipass
Upload files
Download MobileFrontend extension file from https://www.mediawiki.org/w/index.php?title=Extension:MobileFrontend ( https://www.mediawiki.org/wiki/Special:ExtensionDistributor/MobileFrontend ).
Upload the "LocalSettings.php", "favicon.ico", "logo.gif" and "MobileFrontend-REL1_36-f78273c.tar.gz" files to your VPS.
scp LocalSettings.php root@123.123.123.123:/var/www/html1/
scp favicon.ico root@123.123.123.123:/var/www/html1/
scp logo.gif root@123.123.123.123:/var/www/html1/resources/assets/logo.gif
scp MobileFrontend-REL1_36-f78273c.tar.gz root@123.123.123.123:/var/www/html1/extensions/
Connect to your server via SSH.
ssh root@123.123.123.123
Go to "extensions" directory.
cd /var/www/html1/extensions/
Extract "MobileFrontend-REL1_36-f78273c.tar.gz" file.
tar -xzf MobileFrontend-REL1_36-f78273c.tar.gz -C /var/www/html1/extensions/
For more detail, see MediaWiki.
TinyIB
Download tinyib-master.zip from https://gitlab.com/tslocum/tinyib
Send tinyib-master.zip to VPS.
scp tinyib-master.zip root@123.123.123.123:/var/www/
Move to "www" directory.
cd /var/www/
Extract tinyib-master.zip file.
unzip tinyib-master.zip
Change "tinyib-master" folder's name to "html2".
mv tinyib-master html2
Edit torrc and ports.conf files. And go to "sites-available" folder and edit VirtualHost in html2.conf file.
Download "settings.default.php" file.
scp root@123.123.123.123:/var/www/html2/settings.default.php /home/username/
Replace "username" with your user name.
Edit "settings.php" file. See TinyIB for more details.
jschan
See jschan to know how to install it on VPS.