Bitcoin Forum
December 07, 2016, 04:42:30 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3  All
  Print  
Author Topic: Rate my Tor Hidden Service  (Read 15712 times)
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 08, 2012, 09:00:25 PM
 #1

Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service

Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption

Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481128950
Hero Member
*
Offline Offline

Posts: 1481128950

View Profile Personal Message (Offline)

Ignore
1481128950
Reply with quote  #2

1481128950
Report to moderator
Aggro
Donator
Sr. Member
*
Offline Offline

Activity: 296



View Profile
March 08, 2012, 09:33:27 PM
 #2

Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service

Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption

Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.

I think you should be able too. Might be too slow because VB is known to be an html monster Smiley I have seen phpbb and punbb being used on tor.
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 08, 2012, 10:33:14 PM
 #3

The Server PC itself will be this: https://eracks.com/products/General%20Purpose/VALUE
furrythunder
Newbie
*
Offline Offline

Activity: 4


View Profile
March 09, 2012, 04:23:44 AM
 #4

The setup is nice an everything but the vBulletin track record on security is not that great. Everything else is useless if some remote exploit can reveal the servers ip address.
jake262144
Full Member
***
Offline Offline

Activity: 210


View Profile
March 09, 2012, 08:22:34 AM
 #5

OBSD comes with military grade encryption
lol  Cheesy
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:14:40 AM
 #6

The setup is nice an everything but the vBulletin track record on security is not that great. Everything else is useless if some remote exploit can reveal the servers ip address.

How is that possible when used in conjunction with TOR?
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:15:17 AM
 #7

OBSD comes with military grade encryption
lol  Cheesy

What? Do you even know what military grade encryption is?
John (John K.)
Global Troll-buster and
Legendary
*
Online Online

Activity: 1092


Will read PM's. Have more time lately


View Profile
March 09, 2012, 10:20:51 AM
 #8

vBulletin is useless if you're paranoid about security. Just take a look at the exploits found for it monthly and you'll think twice about using it.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:50:26 AM
 #9

vBulletin is useless if you're paranoid about security. Just take a look at the exploits found for it monthly and you'll think twice about using it.

Nothing is better than vBulletin in the message board world.
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:51:39 AM
 #10


-OBSD comes with military grade encryption


From you saying laughable stuff like the above, I can
already tell you the major security flaw in your system:

    - system administrator is a complete noob.


I think you're an idiot who can't even explain what he or SHE means properly.

Also if I'm not good enough to be sys adm, I'll just hire someone, that's the great thing about me, I'm rich... haha.
John (John K.)
Global Troll-buster and
Legendary
*
Online Online

Activity: 1092


Will read PM's. Have more time lately


View Profile
March 09, 2012, 01:15:44 PM
 #11

VBulletin is brilliant forum software. It really is. But it has an absolute crap load of vulnerabilities and is definitely not suited to TOR at all!

Take our advice and use something like PHPBB, or hell make your own in PHP if you really want.

Everybody knows hackers love to use TOR, and when they stumble across a vbulletin forum, they are bound to try out atleast one exploit.

Also, I would be very sure the remote IP could be discovered using certain exploits.
+1. I'm fairly sure there's still working sql injection attacks working against vBulletin as the GPC function still does not filter parenthesis as for today.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 03:40:32 PM
 #12

znort is a gay poor faggot that just made my ignore list.

anyways until i find something better than vbulletin, that is what i'm sticking with, oddly enough it's just a small group of people who THINK that vbulletin is the most vulnerable
bitcoinsarefun
Member
**
Offline Offline

Activity: 98



View Profile
March 09, 2012, 04:35:04 PM
 #13

Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service

Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption

Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.

Looks fine, but just be mindful of what others have already said regarding your forum software choice ... all those layers are useless if someone successfully exploits your board.



And to answer your question, you can run vBulletin with no issues on OpenBSD ...
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 04:45:06 PM
 #14

Okay to be honest I don't care if someone hacks the boards, that just means I have to reload an older version of the boards.

Also according to other sites, alot of vbulletin exploits are found but not many boards are seen hacked.

And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.

IF I DO FIND A MORE SECURE VERSION, then I will switch to that.
bitcoinsarefun
Member
**
Offline Offline

Activity: 98



View Profile
March 09, 2012, 04:47:58 PM
 #15



And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.



People have made recommendations already in this thread - phpbb has popped up a few times, the software this forum runs is pretty decent as well ...

For vbulletin, just keep track and update when necessary and keep decent backups

Remember, you asked for people to rate your hidden service - they gave you their opinions on where it felt weak ... if you don't like those opinions, then why ask people to rate?
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 04:57:43 PM
 #16

Alright, I will take all things into consideration.

PHPBB vs vBulletin
John (John K.)
Global Troll-buster and
Legendary
*
Online Online

Activity: 1092


Will read PM's. Have more time lately


View Profile
March 09, 2012, 04:59:48 PM
 #17

Okay to be honest I don't care if someone hacks the boards, that just means I have to reload an older version of the boards.

Also according to other sites, alot of vbulletin exploits are found but not many boards are seen hacked.

And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.

IF I DO FIND A MORE SECURE VERSION, then I will switch to that.

The better choice is PHPBB.

If your forum gets hacked all of your users sensitive information will be leaked. Your entire server may even get rooted and affect every other website on it and have all of your data on it leaked. Your server may also be used to send out shit loads of spam and get your IP blacklisted or even get your server disconnected by the datacenter. And once the vulnerability is found, the hackers will just keep using it until you or someone else patches it. It will also take you a few days to get all the passwords of everything changed in order to get the website back up. Also once your website is hacked the majority of your users will leave

Not true. I've seen many vbulletin forums get hacked. Have a look around onionland, you won't find any.

Also, vbulletin is very messy with its html and will be slow as hell on TOR.
Use a stripped down version of phpBB for maximum security. Also, remember to update it. vBulletin(especially outdated ones) is a piece of cake for seasoned sql ninjas.

Back to the topic, your Tor Hidden Service is only as secure as the weakest link, which is vBulletin now. We don't care about military grade encryption stuff as rooting a 'hot' server would leave the encryption keys in the memory and the stuff decrypted, ready for a leak.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
March 09, 2012, 05:06:51 PM
 #18

this thread is full of lulz about a weak sysadmin(boconniff40). WIN!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 05:21:01 PM
 #19

What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
John (John K.)
Global Troll-buster and
Legendary
*
Online Online

Activity: 1092


Will read PM's. Have more time lately


View Profile
March 09, 2012, 05:25:55 PM
 #20

What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
I remember reading something about it years ago. I've no prior experience on this so I have to say I don't know. However, this seems not really popular...

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

Pages: [1] 2 3  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!