[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Onion website on "usual" server

On Sun, 14 Apr 2019 00:54:42 +0400
meejah <meejah@xxxxxxxxx> wrote:

> Mirimir <mirimir@xxxxxxxxxx> writes:
> > Even so, that's a little fragile. Mistakes happen. And there's the issue
> > of web server error messages from the onion site going to clearnet.
> > That's one of the mistakes that got DPR pwned.
> The best solution to prevent this accident is to have the onion site
> listening on a Unix socket, and set up the Onion service in Tor to
> direct to that.

Still if you run regular and anonymous websites in the same server process, it
is a disaster waiting to happen. At least don't forget to ensure that your
clearnet listener doesn't answer to the .onion "Host: ", and vice versa. But
if this is even remotely critical, then just run a fully separate server
process, and a simple way to do that (granting you more isolation as a bonus)
as mentioned before, is a VM.

With respect,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to