[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Fri, 16 Nov 2018 14:33:20 -0700
Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJafNQ7BQkNMVdkAAoJEGINZVEXwuQ+5LoIAKyZQDkNqj+Y E26o1bdEQlmOLhhXev45euNCnaFrnbOyKLivHdF4vvXyWBTzJmCsoRxTJ0A3Zmwa3ZihbKaU FCAdRgspLfA+TGICVYOztB+faWV18k5OTCk7ZiBQ/mOMQA4p3RPOV+UCgdelvZRHrFdUgHro dho/FqZhRoPdsPPB08QBisDO7SfFMMe9U9EZ03n4f2TvMgaTjK/kZCopwgLj2nB11SnCYfWJ jxUFDs+VFObf/jSK8T0SX9O6p430NWZm30vutUVac9lfodMjBcJqTnFxmZrwQomlCYGvSqNw 4Xy5+/gBzv/flXHngQSU053smHRtrMlGK5OU1RSixDfOwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCWnzURgUJ DTFXbwAKCRBiDWVRF8LkPsCjCACNvnnmpcDwEbtXUFZD/+ewNlPfM9o0mIXgi7DIVR9MVCw/ u14+mJUlQny4jPRV+hv/erjbiqEcVPZ296J3I4kUvO4slI+ZyODsRQSzwMz6ihwC6nN1xove YSBzVKKQrV+FDHVk6dJVLtgPdewOR9ZAar7mEbCLTJZ/e5aVb+NrlC1jWx3V3mMGCKOsEHhu 97cu3AswlxhzqPjczTo3rjtcfxdjeGU6mIEEAlhUlVDdfbGLODIyCXrP39zYxYXFFpVcbGAu +cndl1AQkIXUiMoJuzTMU8TQ+zz8yLof9fB7Y8O8VbmZBPQqN2IiHPeGbfqZjk/uHjJQUayI +beL0kxL
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 16 Nov 2018 16:33:36 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1542404003; bh=z2AmkS01jaDXPeci35CMSOKp/DkaafkXJwXNb+juow8=; h=Subject:To:References:From:Date:In-Reply-To:From; b=CqGmfDqptgto2LrEBReHkV0mA9XIL3/9Xrg04mJs4RbBtowHZ1MKzBHg5Eo8KzXg5 offtOwf/XgBy2xNfrY/mwitHk7KCubgNN9V1WdBfyI/W5dM5p/x9aga7Zoi57bYQ6e 5UMPyy36zvBsn1CtNQ4olIgIoB1PE12VLp3beD1M=
In-reply-to: <9ff83b88-9291-ef28-2c75-61bd5eaa7137@winzen4.de>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <b525acd874924c19526f05850e70f02a.squirrel@giyzk7o6dcunb2ry.onion> <dd0e3fd4-0d17-c3da-7514-bfa9cd377445@riseup.net> <9ff83b88-9291-ef28-2c75-61bd5eaa7137@winzen4.de>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 11/15/2018 10:23 PM, Daniel Winzen wrote:
> Hello,
> 
> yes my server got hacked. How - I do not know yet and I will need to do
> an extensive analysis. I did indeed not maintain backups, partly for the
> reason that users should have the right to be forgotten immediately when
> deleting their accounts. Around 1TB of data is gone.

Hey, sorry about that :( And I do got your point about backups.
Although, in retrospect, a backup setup with relatively fast rotation,
and thorough deletion of old backups, would be prudent.

> The scripts are open source and anyone who would like to build something
> similar is welcome to do so. However you should note there might be a
> risk of getting hacked too in case the vulnerability is hidden in those
> scripts. I will re-instantiate my hosting only after the vulnerability
> is found and fixed. https://github.com/DanWin/hosting/

As I said, shared hosting is a security nightmare. As I understand it,
you're depending on not much more than permissions to protect users from
each other. And in that situation, it's not _that_ hard for a skilled
hacker to get root, and do what they like.

If I were going to attempt such an .onion hosting setup, I'd use a
couple levels of isolation between users. But first, I'd use LUKS with
dropbear for server FDE. It ain't perfect, but an attacker would need to
take some care while impounding the server.

Basically, I'd setup several KVM domains, to help limit damage from a
compromise. Within each domain, I'd put each website in a Docker
container. Given a custom Docker-optimized kernel for the host, and XFS
storage, it's possible to set hard limits on CPU, RAM and storage for
each Docker container.

Docker containers rely on kernel namespaces and cgroups. That's not as
secure as using full VMs, but _far_ lighter. And _far_ more secure than
chroot, which many shared-hosting setups still rely on. Alternatively,
one could use FreeBSD jails, and maybe that can also work with Docker.

Anyway, if you're interested, I'd be happy to help. I'm just a hobbyist,
and totally self-taught. I mostly just use shell scripts. And I lack the
patience and organization to actually operate a shared-hosting site.

> Any updates will be posted on my front page: https://danwin1210.me/
> 
> Regards,
> Daniel
> 
> On 16/11/2018 06:13, Mirimir wrote:
>> On 11/15/2018 09:52 PM, torify@xxxxxxxxxxx wrote:
>>> DanWin1210.me hosting service was hacked.
>>> https://danwin1210.me/
>>>
>>> All Tor Onions are dead.
>>
>> I guess that he didn't maintain backups :(
>>
>> Maybe some of those .onion owners did, though.
>>
>>> FH1: Unknown
>>> FH2: Took down by FBI
>>> FH3: Unknown
>>> Danwin1210: Ripped by Anonymous
>>>
>>> Now where is "Freedom Hosting IV"?
>>
>> Shared hosting is a security nightmare. Just sayin'.
>>
>>> And why so hate on Tor Onion service?
>>
>> This was just for lulz, no?
>>
> 
> 
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
  - From: bo0od

References:
- [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
  - From: torify
- Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
  - From: Mirimir
- Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
  - From: Daniel Winzen

Prev by Author: [tor-talk] tor-talk@xxxxxxxxxxxxxxxxxxxx
Next by Author: Re: [tor-talk] tor-talk@xxxxxxxxxxxxxxxxxxxx
Previous by thread: Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
Next by thread: Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked
Index(es):
- Author
- Thread