How to host your website in Deep Web via Tor

Note that first of all, you need a dedicated server and datacenter that allows you to host Deep Web.

See the servers available to host your Deep Web site by clicking here.

If you are looking for a Tor hosting with cPanel to host your Deep Web site, see our plans by clicking here.

This post was originally published in Viva o Linux.

In this article I will explain how to put your site/blog/forum/store on Deep Web, more specifically on DarkWeb.

To continue the process you need:

  • Make sure you understand what this is about.
  • Web server with its content already installed and running on any port.
  • Pay me a beer and a pack of cigarettes. I’m just kidding. But if you want it can be

INSTALLATION AND CONFIGURATION OF THE TOR (EASY WAY)

The first method of installation is compiling from source. The great advantage of this method is that you will install the most up-to-date version.

Before you begin, Tor has some dependencies. On a freshly installed Debian, it only asked for these two:

  • libevent-dev
  • libssl-dev

There may be more on other operating systems, but I do not think there are too many.

Let’s download the source, enter:

Click “Source Code” and click “Download.” Note: Do not download the unstable version.

Unzip the downloaded file with:

tar xf tor*.gz

At this point you will have the compressed file and, next to it, the folder with the source files. Rename the source folder to a name that is easier to remember and move it to the /opt/ directory:

mv tor-0.2.5.12/ tor/
# mv tor/ /opt/

Enter the /opt/tor directory and send the command:

./configure

If you need to install a few more dependencies, this is where you will see a warning about this need. If everything went right, just continue:

# make

If it did not give any error, it means that Tor has been built correctly. Let’s test it: run Tor from the command line using:

# /opt/tor/src/or/tor

When run for the first time, it will fetch some information needed to build the circuit. This may take a while.

If a line containing “[notice] Bootstrapped 100%: Done” appears, it means Tor has been able to connect to the network. So, we already have Tor up and running. Press Ctrl+C to stop Tor and we will move on to the configuration part.

An important security issue is that you should not run Tor as root. So let’s start by creating a specific user to run Tor:

# useradd -d /opt/tor/src/or -s /bin/bash tor-user
# passwd tor-user #– Set a password for the user.

Change the ownership of the Tor folder to the new user:

# chown -R tor-user:tor-user /opt/tor/

Create a directory for our configuration file, a directory to store the Tor PID and a directory where the information from our Hidden Service will be stored. I usually use:

# mkdir /etc/tor/ #– Directory for configuration file.
# mkdir /var/run/tor #– Directory where the PID will be stored.
# mkdir /tor/ #– Directory where the hostname and private_key files will be stored.

Change the properties and permissions of the folders so that the user “tor-user” has write permission:

# chown tor-user:tor-user /etc/tor/
# chown tor-user:tor-user /var/run/tor/
# chown tor-user:tor-user /tor/
# chmod 700 /tor/

Okay, log in to the “tor-user” user and let’s start the setup:

# su - tor-user

Create the file “/etc/tor/torrc” and open it with your text editor:

vi /etc/tor/torrc

The contents of the file are as follows:

#RunAsDaemon 1
PidFile /var/run/tor/tor.pid

HiddenServiceDir /tor/
HiddenServicePort 80 127.0.0.1:80

The lines that actually configure our Hidden Service are “HiddenServiceDir” and “HiddenServicePort”.

If your web server is running on port 80 and on the same machine where you are installing Tor, this file works just the way it is.

Save the file and close it.

Now let’s test:

/opt/tor/src/or/tor -f /etc/tor/torrc

When running, if all is correct, the “hostname” file will be created inside /tor/, which is where your Hidden Service address is, as well as the “private_key”.

To get the address of your Hidden Service:

cat /tor/hostname

Just open Tor Browser now and test if it is accessible.

If you plan to run Tor as a daemon, we still have a few things to do.

Uncomment the “RunAsDaemon 1” line of the /etc/tor/torrc file.

Log in as root and create the /etc/init.d/tor file with the following content:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          tor
# Required-Start:    $local_fs $remote_fs $network $named $time
# Required-Stop:     $local_fs $remote_fs $network $named $time
# Should-Start:      $syslog
# Should-Stop:       $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description:       Start The Onion Router, a TCP overlay
#                    network client that provides anonymous
#                    transport.
### END INIT INFO

# Author: MarceloTheodoro <[email protected]>

PIDFILE=/var/run/tor/tor.pid
DAEMON=/opt/tor/src/or/tor
UID=1001
TOR_OPTS='-f /etc/tor/torrc'

case "$1" in
  start)
        start-stop-daemon --start --quiet --chuid $UID  --pidfile $PIDFILE --exec $DAEMON \
	-- $TOR_OPTS
	echo "Ok."
	;;
  stop)
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
	rm -f $PIDFILE
	echo "Ok."
	;;
  status)
	start-stop-daemon --status --pidfile $PIDFILE --exec $DAEMON
	if [ "$?" = "0" ]; then
		echo Tor is running.
	else
		echo Tor is not running.
	fi
	;;
  *)
	echo "Usage: tor {start|stop|status}" >&2
	exit 3
	;;
esac

This script, as it stands, will work fine on Debian-like distributions. On other distributions that do not have “start-stop-daemon”, it will not work. In that case you can use the other method of installation.

Before you continue, you must change the “UID” variable with the user information that you created earlier. You can find the user’s “UID” with:

cat /etc/passwd

Find the line corresponding to the created user, the “UID” is the third column.

Save and close the file. Make it executable with:

# chmod +x /etc/init.d/tor

Set it to start automatically with:

# insserv tor

Ready. :)

INSTALLATION AND CONFIGURATION OF TOR IN AN EVEN EASIER WAY

The easiest way to do this is through repositories. Although it is the most boring way too. :(

Tor is probably already available in your repository if you use Debian/RedHat. But even though it is available, it is probably outdated. Ideally, you should configure your own Tor Project repositories, following the links to the repository configuration.

Note: If you do not know how to configure repositories, search for “how to configure repositories in * insert here the name of your distribution and version *”.

RedHat-like and clones:

Debian, Ubuntu etc:

Well, okay. Repositories configured, the installation is as usual.

For Debian-like:

# apt-get update
# apt-get install tor

Redhat-like:

# yum update
# yum install tor

Generally, at the end of the installation, Tor starts automatically. If this is the case, stop the service, with “service tor stop“.

Open the /etc/tor/torrc file in your preferred editing program.

# vi /etc/tor/torrc

With the file open, search for:

######### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file “…/hidden_service/hostname” for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

Remove the comment marker (#) from the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

The “HiddenServiceDir” line defines where the following files will be stored:

  • private_key :: This is the most important file in this whole story. It is where your server’s unique private key is stored, and the server uses it to decrypt the requests sent to its Hidden Service. If an attacker gets access to this file, they could, among other things, impersonate you. If you plan to use this Hidden Service for a long time, I recommend backing up this key.
  • hostname :: This file contains the address of your Hidden Service, which is used to reach it through Tor. The address is made up of “16 characters” followed by .onion

* An important detail: Tor creates a specific user to run as, since starting it as root is not recommended. The chosen folder must be writable by the user who will run Tor.

In Debian, the user created is “debian-tor”. I am not sure about other distributions, but they should follow the same style. When in doubt, leave the default directory.

In the “HiddenServicePort” line we will configure the connection information.

The syntax is:

HiddenServicePort x y:z

Where “x” is the port on which Tor will receive connections. Any port can be used here, even the same port your web server is running on, since this port is only relevant within the Tor context. You only need to change it if you are setting up more than one Hidden Service on the same server.

“y:z” is the address and port on which your site is running, respectively. If you are installing Tor on the same machine as the web server, and it is running on port 80, there is no need to change it.

After these changes, save the file and close it.

Restart Tor with a “service tor restart”. If no error has occurred, you’re done!

Go to the “hostname” file, inside the folder that you configured in “HiddenServiceDir”. Open it and there will be the address of your Hidden Service!

Just grab the address and open the Tor Browser to see if it is accessible. In some cases, it may take a few minutes for it to become accessible, but in general, it is available immediately.

CONCLUSION

Tor is installed and configured to work with our Hidden Service.

Some more details:

1. Flaws in the web application can easily let an attacker discover your real IP. And we probably do not want that to happen. So make sure your site is safe. The vast majority of the famous cases of Hidden Services that have been identified were due to application flaws.

2. Depending on what you’re running, you probably want your site to be accessed only through Tor, right? Then make some rules in the Firewall so that your WebServer port discards all requests, except those made by the “127.0.0.1” address, which is your own machine.

3. You do not have to run and configure Tor exactly on the same machine running the Web server. They can be on different machines, and that would even add a layer of security. Not much, but it’s something.

4. Your web application should not use things like Java applets, Flash etc. If possible, avoid Javascript (most users often leave Javascript disabled). Also, harden your web server and OS so they do not disclose any kind of information publicly.

5. You can configure more than one Hidden Service on the same machine. Or more than one service for the same Hidden Service.
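The checks behind points 2 and 3 and the “chmod 700” step earlier can be scripted. This is an added example, not part of the original article: the function names are hypothetical, and the torrc and `ss -ltn` samples are constructed. A non-loopback backend is flagged for review only, since point 3 allows the web server to run on another machine.

```shell
#!/bin/sh
# Added example: audit the hidden-service setup described on this page.
# All sample input below is constructed for illustration.

# Print each HiddenServicePort backend (the "y:z" part) that is not loopback.
# A missing target or a bare port means 127.0.0.1, per the tor manual.
nonlocal_targets() {
    awk '$1 == "HiddenServicePort" {
        t = $3
        if (t == "" || t ~ /^[0-9]+$/ || t ~ /^unix:/) next
        if (t !~ /^(127\.|localhost:|\[::1\]:)/) print t
    }' "$1"
}

# Read `ss -ltn` output on stdin; print listeners on port $1 that are
# bound to a non-loopback address (reachable without going through Tor).
exposed_listeners() {
    awk -v port="$1" 'NR > 1 {
        n = split($4, a, ":")
        if (a[n] == port && $4 !~ /^(127\.|\[::1\]:)/) print $4
    }'
}

# Succeed only if the directory is owner-only (drwx------), i.e. chmod 700.
hs_dir_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Constructed demo: one loopback service, one pointing at a LAN address.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/hs" && chmod 700 "$demo_dir/hs"
cat > "$demo_dir/torrc" <<'EOF'
HiddenServiceDir /tor/
HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 8080 192.168.1.10:8080
EOF
demo_ss='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

echo "non-loopback backends: $(nonlocal_targets "$demo_dir/torrc")"
echo "exposed on :22: $(printf '%s\n' "$demo_ss" | exposed_listeners 22)"
hs_dir_private "$demo_dir/hs" && echo "HiddenServiceDir permissions OK"
```

On a real host, point the first function at /etc/tor/torrc and pipe live `ss -ltn` output into `exposed_listeners 80`; an empty result means the web server port is bound to loopback only.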

If you have questions, you can post them in the comments or contact me by email; I answer as far as I can: marcelotheodoro at outlook.com

If you have suggestions for tutorials on the subject, you can send those as well.

Until next time!

By Marcelo Theodoro.

3 Comments

  • Ross Alisha
    05/11/2018 03:52

    How about the usage of WordPress plugins? I have hosted my website with GoDaddy, but all the time they have one or other issues. Sometimes they wanted me to uninstall all the plugins, which I can’t do. Please advise.

    • Hi! Sometimes it is important to disable all plugins temporarily to check for any possible errors on the site, but disabling them all permanently is not normal.

  • Deepweb links
    30/11/2018 02:01

    I have run my site on WP Engine, GoDaddy Managed and currently Flywheel. Flywheel wins hands down because of the environment your website runs on (VPS). WP Engine was great with excellent support, but they charge for going over your monthly allowed visitors, making them the most expensive in the long run. GoDaddy wasn’t all that bad really. They are making improvements and their product is on par with the top companies listed here. Deal-breaker for them is the lack of knowledgeable support personnel, and unlike the other two, GoDaddy won’t fix your site for free if it gets hacked. They use Site Lock as their malware scanning service, which outright sucks. The other two, if I’m correct, use Sucuri.
