Hosting Hidden Services

From Hidden Wiki

Hidden Services are websites only available on Tor that end with a .onion suffix. For example, the address of our hidden service is kpvz7kpmcmne52qf.onion.

Host Your Own Hidden Service

You can easily host your own hidden service, but depending on the content of your prospective website, you may want to host it externally on servers paid for anonymously. We are going to assume below that you are hosting something legal and something you want to be secure. You should only use software that is open source.

Operating System

An Operating System is the software that runs your computer. You can use any operating system (e.g. Windows) on any computer, but we recommend using a very popular open-source operating system like CentOS in a Virtual Machine.

  1. Boot the CentOS installer in your newly created VM and install it as a minimal command line setup by using linux text.
  2. Configure your network to use a static IP on your LAN by adding/editing the following in /etc/sysconfig/network-scripts/ifcfg-eth0:
    NM_CONTROLLED="no"
    ONBOOT="yes"
    BOOTPROTO="static"
    IPADDR=192.168.0.4
    NETMASK=255.255.255.0
  3. Specify DNS servers in the /etc/resolv.conf file:
    nameserver 8.8.8.8
    nameserver 8.8.4.4
  4. Add a user that you'll use to log in using useradd USERNAME and set its password using passwd USERNAME.
  5. Prevent the root account from logging in. Edit /etc/ssh/sshd_config, specify PermitRootLogin no and restart the SSH service with service sshd restart.
  6. You may want to only allow SSH connections to your server from a particular computer:
    iptables -I INPUT 1 -p tcp -m tcp -s 192.168.0.3 --dport ssh -j ACCEPT
    iptables -I INPUT 2 -p tcp -m tcp --dport ssh -j DROP
  7. Update your server with the latest security patches: become root with su (using your admin password from the install) and then run yum update.

Web Server

PHP

How to install PHP and configure it with your web server:

MySQL

How to install MySQL:

Tor

How to install and configure Tor (for CentOS):

  1. Add The Tor Repository
    Add Tor to the list of repositories (sources of software) by adding the following to a .repo file in /etc/yum.repos.d/:
    [tor]
    name=Tor experimental repo
    enabled=1
    baseurl=http://deb.torproject.org/torproject.org/rpm/el/6/$basearch/
    gpgcheck=1
    gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

    [tor-source]
    name=Tor experimental source repo
    enabled=1
    autorefresh=0
    baseurl=http://deb.torproject.org/torproject.org/rpm/el/6/SRPMS
    gpgcheck=1
    gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
  2. Install Tor
    yum install tor
  3. Start Tor
    service tor start
    chkconfig --levels 235 tor on
  4. Configure Tor
    Edit /etc/tor/torrc and add/amend the following:
    1. SocksPolicy
      We'll change this to only allow the machine itself (not other computers) to use this machine to connect to Tor:
      SocksPolicy accept 127.0.0.1
      SocksPolicy reject *
    2. HiddenServiceDir and HiddenServicePort
      This specifies the location of your hostname & private_key (the files that specify your .onion address and confirm its authenticity) and where to direct the traffic to. The hostname & private_key files are created automatically, so don't worry about those for now. We will be telling Tor to direct anything on port 80 (website traffic) to go to port 4890 (a semi-random number) instead:
      HiddenServiceDir /var/lib/tor/hidden_service/
      HiddenServicePort 80 127.0.0.1:4890
    3. Bandwidth
      Specify or reduce the RelayBandwidthRate and RelayBandwidthBurst to prevent Tor from using too much of your bandwidth.
  5. Restart Tor
    Restart Tor to make it see the changes:
    service tor restart
  6. Update Lighttpd
    Our web server is configured to listen for web traffic on port 80, but we're now using port 4890. So let's tell it to listen to port 4890 by editing /etc/lighttpd/lighttpd.conf:
    1. server.port
      This is the port number lighttpd listens to:
      server.port = 4890
    2. Restart Lighttpd
      service lighttpd restart
  7. SELinux
    CentOS has a security feature called SELinux which controls which applications can use which port numbers. So we'll need to tell it that we want to use port 4890 for website traffic. We'll install semanage (provided by the policycoreutils-python package on CentOS 6) and use it to do this:
    yum install policycoreutils-python
    semanage port -a -t http_port_t -p tcp 4890
  8. Find Your Hostname
    Find the .onion address that Tor has just created. This will be the address of your website; copy and paste it into a browser to check it works:
    cat /var/lib/tor/hidden_service/hostname
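
As an added example (not part of the original page or of Tor's or lighttpd's own tooling), this shell function audits a torrc and a lighttpd.conf against steps 4 and 6 above. The helper names and sample files are constructed, and the server.bind check is an extra assumption beyond the page's steps: lighttpd listens on every interface unless bound, so the audit flags its absence.

```shell
#!/bin/sh
# Added example (not from the original page): audit torrc and lighttpd.conf
# for the settings in steps 4 and 6. Helper names are hypothetical.

# Print every value of a torrc directive ("Key value ..." lines).
torrc_values() {  # $1=file $2=directive
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Print the last value of a "key = value" line in lighttpd.conf.
lighttpd_value() {  # $1=file $2=key
    awk -F'=' -v k="$2" '{ key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t"]/, "", v); print v }' "$1" | tail -n 1
}

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Returns the number of findings (0 = all checks pass).
audit_onion_config() {  # $1=torrc $2=lighttpd.conf
    findings=0
    # SOCKS access: accept loopback first, then reject everything else.
    policy=$(torrc_values "$1" SocksPolicy | tr '\n' ';')
    [ "$policy" = "accept 127.0.0.1;reject *;" ] || fail "SocksPolicy is '$policy'"
    # HiddenServicePort is "VIRTPORT ADDR:PORT"; the target must be loopback.
    target=$(torrc_values "$1" HiddenServicePort | awk '{ print $2 }' | tail -n 1)
    port=
    case "$target" in
        127.0.0.1:*) port=${target#127.0.0.1:} ;;
        *) fail "HiddenServicePort target '$target' is not on 127.0.0.1" ;;
    esac
    # lighttpd must listen on the port Tor forwards to.
    lport=$(lighttpd_value "$2" server.port)
    [ -n "$port" ] && [ "$lport" != "$port" ] && fail "server.port '$lport' != '$port'"
    # Beyond the page: without server.bind, lighttpd listens on every interface.
    [ "$(lighttpd_value "$2" server.bind)" = "127.0.0.1" ] || fail "server.bind is not 127.0.0.1"
    return "$findings"
}

# Constructed sample files mirroring the settings shown on this page.
write_sample() {  # $1=directory
    printf '%s\n' 'SocksPolicy accept 127.0.0.1' 'SocksPolicy reject *' \
        'HiddenServiceDir /var/lib/tor/hidden_service/' \
        'HiddenServicePort 80 127.0.0.1:4890' > "$1/torrc"
    printf '%s\n' 'server.port = 4890' > "$1/lighttpd.conf"
}

d=$(mktemp -d); write_sample "$d"
audit_onion_config "$d/torrc" "$d/lighttpd.conf" || echo "$? finding(s)"
rm -rf "$d"
```

On the sample files the only finding is the missing server.bind; adding server.bind = "127.0.0.1" to lighttpd.conf clears it.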

Added Security

Further steps to secure your website:

Virtual Hosting

How to use your new server to host more than one hidden service:

See Also

External Links