[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tutorials for providing Hidden Services?



On Thu, Dec 18, 2008 at 06:24:46PM -0000, 6cnf6cp02@xxxxxxxxxxxxxx wrote 0.7K bytes in 10 lines about:
: I want to provide basic free anonymous blogging services using Tor's hidden services. Are there any tutorials for this, apart from the basic setup information on Torproject.org? More specifically, how can I stop my users from identifying my server? What do I have to pay attention to?

There is no tutorial that I know of.  Each piece of software has
different concerns and configurations to protect both your and your
users anonymity.  


: How can I block connection attempts by Apache using my external network interface, eg. if the users execute scripts that contact external addresses? What information is exposed by environment variables, and how can I stop the user from reading them? For example, can I modify timezone/timestamps to obfuscate my server location?

Just some thoughts.  Run apache on localhost.  Set the system time to UTC.
Check the 404 page and such so that it doesn't give out the hostname.
Run apache in a jail, etc.  Run the jail/vm on a system without a public
IP; such that if someone does break apache, they find the IP address is
192.168.1.2 (or some other RFC1918 scheme).

: What settings do I have to change to fully remove Apache's IP logging to protect my users?

Disable access logging.

-- 
Andrew