Make website accessible through TOR only?
The topic title might be a bit weird but basically I was wondering: Is it possible to make your website only accessible through TOR? I've found this tutorial on how to set up a TOR website on Windows, but I was wondering if it's possible on Ubuntu/Linux with Nginx?
Thanks!
Comments
Yes. Simply install TOR and set up a hidden service. This is possible on any OS that runs TOR.
EDIT: Additionally, you'll want to make your service (httpd, etc) only listen on localhost.
I wonder how this works and I am too lazy to dig through the documentation now.
Would someone please tell me how it works - the tor node with the .onion site communicates / receives requests from the Tor entry nodes, the Tor middle nodes or the Tor exit nodes?
When running a hidden service, you are effectively combining two TOR "tunnels". The chain looks something like this:
Visitor -> Their entry node -> Their middle node -> Single exit node <- Your middle node <- Your entry node <- You (or your service, rather).
The data is encrypted all the way through. Setting up a hidden service really just means that you create a .onion address through which you are reachable, and when traffic for that .onion address arrives on your server, TOR will effectively reverse-proxy whatever "destination" you specified for that address. This will usually be something like localhost:80.
EDIT: Additionally, you'll want to make your service (httpd, etc) only listen on localhost.
Thanks. I was looking for the correct terminology.
You don't happen to have a tutorial lying around somewhere to do this?
That's not a problem, since in the end the site is still hosted from/via TOR.
You don't happen to have a tutorial lying around somewhere to do this?
TOR has pretty good documentation
https://www.torproject.org/docs/tor-hidden-service.html.en
Slow service, slow network, enjoy pulling your hair out
Hey, some of us still remember the days of the dialup internet. Or internet transported over damn slow X25 to somewhere else...
I remember internet over short waves and BBSs...
I even remember my acoustic coupler.
Ah! The beauty of the past... Watching the status bar all night while downloading 200 kilobytes of data with a pillow over the coupler to avoid any noise interference...
I did this, was pretty easy
EDIT: Additionally, you'll want to make your service (httpd, etc) only listen on localhost.
But I can't get this to work: Nginx keeps listening at 'normal' HTTP; if I type in the IP of my server, my webpage still pops up. I changed my IP in /etc/nginx/site-available/... to localhost but that doesn't solve it :P (restarted nginx).
How can I prevent my VPS from serving webpages over normal HTTP and only over TOR?
Thanks!
Now that's old school, I got involved with computers fairly young but I never had the displeasure of using an acoustic coupler.
In the worst case scenario, you can block port 80 with iptables and ip6tables if you have ipv6 too.
Is there no simpler method to say to Nginx 'no-no don't listen to mister IPv4! Only to mister TOR' ?
Thanks!
server { listen 80; server_name localhost;
in your config maybe ?
edit
or
server { listen 127.0.0.1:80;
Tor is interesting, but I wouldn't touch it with a 50 foot pole. It's a honeypot. Look at the funders/sponsors/original money.
Been too many high profile cases, busts, etc. over it and folks running end nodes monitoring all sorts of stuff. Far too few public facing nodes to overcome the issues through fragmentization.
Conceptually good, implemented bad.
Question is, what other alternatives are there currently?
in your config maybe ?
In /etc/nginx/nginx.conf ?
yeah. the server line should already be there. edit below
I believe that would be the correct syntax.
Also, I'm not 100% sure with nginx, but check everywhere to make sure it doesn't show its real IP address. Otherwise it's pointless hiding through Tor.
they recommend thttpd
Of course there is another way, but it is not simpler. Add a block and it is done; you also solve arbitrary probing for vulnerabilities there.
If you need port 80 for something else (usually another webserver), then it is a different story.
The server-line is not in there but it is in my /etc/nginx/site-available/site configuration:
http://pastebin.com/7hP6uDAr
(Changing localhost to 127.0.0.1:80 makes no difference)
change the listen rather than the server name.
change will need a restart
Well if you were crazy enough.. you can default block port 80 to all IPs then download an IP list of all TOR EXIT nodes and have iptables only allow those IPs to connect...
No need to download a list of Tor exits. Users connecting through the hidden service will be coming from 127.0.0.1. Just block port 80 with iptables and ip6tables.
Edit: Of course, figuring out the nginx config to listen only on localhost would be better.
My crazy method involves people coming over clearweb port 80 not a hidden service.
CAUSE IT SOUNDED LIKE FUN @joepie91 :P
change will need a restart
Thanks for the reply. I changed the listen instead of the server name and it worked!
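
The fix the thread arrives at (change `listen`, not `server_name`) can be checked mechanically. The following is an added example, not code from any poster: a small Python check that flags nginx `listen` values reachable from outside the host. The function names and sample configs are constructed for illustration, and it assumes `localhost` resolves to loopback.

```python
import ipaddress
import re

# Constructed samples mirroring the thread: BEFORE changes only server_name
# (still bound to the public IP), AFTER changes the listen address.
BEFORE = """
server {
    listen 80;
    server_name localhost;
}
"""
AFTER = """
server {
    listen 127.0.0.1:80;
    server_name localhost;
}
"""

# Match a listen directive wherever it starts (own line or after "{" / ";").
LISTEN_RE = re.compile(r"(?:^|[\s{;])listen\s+([^;]+);")


def is_loopback_only(listen_value):
    """Return True if an nginx `listen` value binds only to loopback."""
    target = listen_value.split()[0]       # drop flags such as default_server
    if target.startswith("unix:"):         # UNIX socket: not network-reachable
        return True
    if target.isdigit():                   # bare port => every IPv4 address
        return False
    if target.startswith("["):             # [v6addr] or [v6addr]:port
        host = target[1:target.index("]")]
    else:
        host = target.rsplit(":", 1)[0] if ":" in target else target
    if host == "localhost":                # assumption: resolves to loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                     # "*" or some other hostname
        return False


def exposed_listens(config_text):
    """List the listen values in config_text that are reachable off-host."""
    without_comments = re.sub(r"#.*", "", config_text)
    return [v.strip() for v in LISTEN_RE.findall(without_comments)
            if not is_loopback_only(v.strip())]


if __name__ == "__main__":
    print("before:", exposed_listens(BEFORE))
    print("after: ", exposed_listens(AFTER))
```

An empty result means every `listen` in the checked text is loopback or a UNIX socket; included files have to be checked separately.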