[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Yet another Tor failure - DanWin1210.me Hosting hacked

or use Qubes OS , its useful with some knowledge about it to make it
great OS for hosting (i didnt test that for web hosting , but
theoretically possible).And more secure than docker or plain debian or
bsd ...etc.

> On 11/15/2018 10:23 PM, Daniel Winzen wrote:
>> Hello,
>> yes my server got hacked. How - I do not know yet and I will need to do
>> an extensive analysis. I did indeed not maintain backups, partly for the
>> reason that users should have the right to be forgotten immediately when
>> deleting their accounts. Around 1TB of data is gone.
> Hey, sorry about that :( And I do got your point about backups.
> Although, in retrospect, a backup setup with relatively fast rotation,
> and thorough deletion of old backups, would be prudent.
>> The scripts are open source and anyone who would like to build something
>> similar is welcome to do so. However you should note there might be a
>> risk of getting hacked too in case the vulnerability is hidden in those
>> scripts. I will re-instantiate my hosting only after the vulnerability
>> is found and fixed. https://github.com/DanWin/hosting/
> As I said, shared hosting is a security nightmare. As I understand it,
> you're depending on not much more than permissions to protect users from
> each other. And in that situation, it's not _that_ hard for a skilled
> hacker to get root, and do what they like.
> If I were going to attempt such an .onion hosting setup, I'd use a
> couple levels of isolation between users. But first, I'd use LUKS with
> dropbear for server FDE. It ain't perfect, but an attacker would need to
> take some care while impounding the server.
> Basically, I'd setup several KVM domains, to help limit damage from a
> compromise. Within each domain, I'd put each website in a Docker
> container. Given a custom Docker-optimized kernel for the host, and XFS
> storage, it's possible to set hard limits on CPU, RAM and storage for
> each Docker container.
> Docker containers rely on kernel namespaces and cgroups. That's not as
> secure as using full VMs, but _far_ lighter. And _far_ more secure than
> chroot, which many shared-hosting setups still rely on. Alternatively,
> one could use FreeBSD jails, and maybe that can also work with Docker.
> Anyway, if you're interested, I'd be happy to help. I'm just a hobbyist,
> and totally self-taught. I mostly just use shell scripts. And I lack the
> patience and organization to actually operate a shared-hosting site.
>> Any updates will be posted on my front page: https://danwin1210.me/
>> Regards,
>> Daniel
>> On 16/11/2018 06:13, Mirimir wrote:
>>> On 11/15/2018 09:52 PM, torify@xxxxxxxxxxx wrote:
>>>> DanWin1210.me hosting service was hacked.
>>>> https://danwin1210.me/
>>>> All Tor Onions are dead.
>>> I guess that he didn't maintain backups :(
>>> Maybe some of those .onion owners did, though.
>>>> FH1: Unknown
>>>> FH2: Took down by FBI
>>>> FH3: Unknown
>>>> Danwin1210: Ripped by Anonymous
>>>> Now where is "Freedom Hosting IV"?
>>> Shared hosting is a security nightmare. Just sayin'.
>>>> And why so hate on Tor Onion service?
>>> This was just for lulz, no?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to