[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Question about TOR and IIS - Also hello!



Roger!  Thanks!  I've read and re-read that document and I just finally realized that the directory path I've been pointing it to was not correct.  LOL.  Man....no telling how much time I've spent on it being convinced that it was the fact that I was on a Server 2003 boc\x and not a linux box.  Sigh.   Anywho....Once I had the hidden_service directory fixed in my torrc file, it worked like a charm. 
 
Following your suggestion, I have it pointing to port 81 rather than 80.  At first, Vidalia ran my processes up to 50% CPU usage for a few minutes and then went back down to the nominal 0-1% CPU usage.  Any ideas why this is the case?
 
I'm currently pouring over how to leave the website and server anonymous.  Any suggestions on how to suppress information and how to poll IIS for information?  I want to really button this thing up!
 
Thank you so much!
 
Chris

On Jan 15, 2008 10:19 AM, Roger Dingledine <arma@xxxxxxx> wrote:
On Tue, Jan 15, 2008 at 10:10:32AM -0500, Chris Burge wrote:
> Ok...I've been running a relay on Windows (XP, Vista and Server 2003) for
> the past year.

Thanks. :)

>  I hope this is the right list I can post this on.  Either
> way, I a m looking to become more involved with TOR
> (donations/development/etc)

https://www.torproject.org/donate
https://www.torproject.org/documentation#DesignDoc
are probably two good places to start.

> given that none of the leading presidential
> candidates (except Huckabee or Ron Paul who are both lagging in the
> polls) in the US seem to be worried about privacy, Real ID and etc..
>
> I am now ready to try and run a hidden service on my Server 2003 box
> (specificly IIS) but have failed miserably.  I'm stuck with IIS for now as I
> have always been a Microsoft developer (hey brings food to the table) and am
> not currently confident in running Apache at this time with IIS (only one
> box at this time).  Essentially, I want to run IIS with a mixture of sites
> using TOR and not using TOR.  I had imagined I would use my onion routing
> address in the host headers of the site I want TOR packets to hit while
> other sites would naturally take regular packets.  Does anyone have a clue
> as to what I'm trying to do and how I might solve it?  I'm not interested in
> moving to Apache at this time until I'm more confident with it and with a
> cms such as TYPO3.

The first thing I would worry about with one webserver that handles
hidden services and "normal" websites is if somebody can connect to the
hidden service website, ask for the real website, and get it. This lets
an attacker guess-and-check about where your hidden service lives. In
apache-land this is usually solved by listening on two different ports,
and making sure to keep the two classes of sites separate in apache's
mind. I imagine there's a way for IIS to do it too.

https://www.torproject.org/docs/tor-hidden-service#three
has a bit more discussion.

If you get it working well and want to document what you did and why,
that would be great. Hidden services haven't received much attention
over the past few years in terms of writing tutorials.

--Roger




--
Interested in selling your home?  Ask me!