Bitcoin Forum
December 05, 2016, 12:49:55 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Rate my Tor Hidden Service  (Read 15709 times)
bitcoinsarefun
Member
**
Offline Offline

Activity: 98



View Profile
March 09, 2012, 06:06:13 PM
 #21

What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]

irc over ssl is an option, you could use certificate based authentication with your clients
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
1480898995
Hero Member
*
Offline Offline

Posts: 1480898995

View Profile Personal Message (Offline)

Ignore
1480898995
Reply with quote  #2

1480898995
Report to moderator
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
March 09, 2012, 06:23:50 PM
 #22

What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
just another (useless) protocol.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
jake262144
Full Member
***
Offline Offline

Activity: 210


View Profile
March 09, 2012, 06:42:44 PM
 #23

just another (useless) protocol.
'tis not so, it's a protocol of military-grade strength Grin
Much good it'll do when the vBulletin-powered server gets rooted.

Any server is only as good as the admin running it. Somehow, I've got this gut feeling this ain't gonna be the Fort Knox of forums...
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
March 09, 2012, 08:40:07 PM
 #24

Also, make sure the root password of the server isn't blank, or "password". This is usually a good security practice as it stops your server from getting completely owned.
LOL The scary part is that I feel that the OP really needs to be given this ^^ advice.


I rofl'd on his statement that he doesn't care if his "hidden service" is hacked because he'll just restore the database.

Hey, you fool, if your "hidden service" is hacked you can bet it will not be a "hidden service" anymore and it will just be a "service"!! Granted.
If it happens the upside is that you won't need to use Tor anymore and can just serve your forum using the normal internet and a normal domain. Cheesy

boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 09:36:32 PM
 #25

Also, make sure the root password of the server isn't blank, or "password". This is usually a good security practice as it stops your server from getting completely owned.
LOL The scary part is that I feel that the OP really needs to be given this ^^ advice.


I rofl'd on his statement that he doesn't care if his "hidden service" is hacked because he'll just restore the database.

Hey, you fool, if your "hidden service" is hacked you can bet it will not be a "hidden service" anymore and it will just be a "service"!! Granted.
If it happens the upside is that you won't need to use Tor anymore and can just serve your forum using the normal internet and a normal domain. Cheesy

I'm sure your username here is "really" pussy and not psy

Anyways can you fat losers stop worrying about MY Tor Hidden Service like a bunch of retard freaks? Cheesy THANKS
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 09:39:25 PM
 #26

I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:11:10 PM
 #27

I seriously doubt my real IP address will be compromised if vBulletin gets hacked

Yes it will. I guarantee you there is atleast 1 vulnerability out there that can be used to get the server to spit out the real IP.

Anyways, if they compromise vbulletin, chances are they can work their way up to rooting the server. Once they do that, your screwed because yes they can get the IP extremely easily then, and they can basically go to town on your server and website.

do you people even know what the fuck you're talking about?

Of course we do, your the one who's claiming we're wrong because you don't like what we are saying.

I am paying a professional hacker to test my security


If you do hire a hacker to audit your website, he will tell you to get rid of vbulletin and replace it with something else.

Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.

My professional hacker tells me that anything is hackable, therefore it's really just choosing the lesser of two evils.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
March 09, 2012, 10:14:41 PM
 #28

I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.

Well motherfucker, let me tell you something: I'm a linux sysadmin on my day job. I mean, WHAT THE FUCK, even today, after 4 years on the job I don't feel confident enough to cover all my tracks in the case I was running an hidden service, hence why I refuse to run one, and probably I'm more qualified to do it than you.
What blazr said is true: Once they pwn your web app it's only a matter of time until they root your server, hell, they don't even need to do that: just fire up some secure shell(doesn't have to be root for it, any other user with a password for ssh will do) and use wget to fetch a file from a server the hacker controls and BAM, he has your IP. Difficult, not really. Difficult to you, for sure...
To avoid what I described previously, tell me please how will you make sure that ANY connection from that server will get routed trough Tor. Please? I also need that answer. Maybe I'll feel qualified enough to run an hidden service after having that answer.

Now get lost, and remember, never ask for opinions when all you want is a patt on the back...

boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:25:55 PM
 #29

I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.

Well motherfucker, let me tell you something: I'm a linux sysadmin on my day job. I mean, WHAT THE FUCK, even today, after 4 years on the job I don't feel confident enough to cover all my tracks in the case I was running an hidden service, hence why I refuse to run one, and probably I'm more qualified to do it than you.
What blazr said is true: Once they pwn your web app it's only a matter of time until they root your server, hell, they don't even need to do that: just fire up some secure shell(doesn't have to be root for it, any other user with a password for ssh will do) and use wget to fetch a file from a server the hacker controls and BAM, he has your IP. Difficult, not really. Difficult to you, for sure...
To avoid what I described previously, tell me please how will you make sure that ANY connection from that server will get routed trough Tor. Please? I also need that answer. Maybe I'll feel qualified enough to run an hidden service after having that answer.

Now get lost, and remember, never ask for opinions when all you want is a patt on the back...

WOW a sysadmin that doesn't have an idea of how a Tor hidden service works lmfao... HOW ELSE CAN PEOPLE access that hidden service if not through TOR?

NOW YOU GET LOST, I DON'T LIKE YOUR OPINION AND I SURE AS HELL DON'T HAVE TO TAKE IT.
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:27:37 PM
 #30


Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.


Step 1. Find vulnerability in VBulletin or server.
Step 2. Get root on server.
Step 3. Type "ping" followed by an IP address of a computer they control
Step 4. Check firewall log on controlled PC and recover IP
Step 5. ??
Step 6. Profit

or

Step 1. Find vulnerability in VBulletin
Step 2. Use vulnerability to get vbulletin to request a page from a script hosted on a webserver controlled by hacker
Step 3. Check server log on webserver and recover IP, or even have the script record the IP address
Step 4. ??
Step 5. Profit

Also, I hired a hacker who hired a hacker who says your hired hacker is talking shit.

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
March 09, 2012, 10:29:21 PM
 #31


Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.


Step 1. Find vulnerability in VBulletin or server.
Step 2. Get root on server.
Step 3. Type "ping" followed by an IP address of a computer they control
Step 4. Check firewall log on controlled PC and recover IP
Step 5. ??
Step 6. Profit

or

Step 1. Find vulnerability in VBulletin
Step 2. Use vulnerability to get vbulletin to request a page from a script hosted on a webserver controlled by hacker
Step 3. Check server log on webserver and recover IP, or even have the script record the IP address
Step 4. ??
Step 5. Profit

Also, I hired a hacker who hired a hacker who says your hired hacker is talking shit.

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

One more time: HOW WILL YOU MAKE SURE THAT ALL AND ANY OUTGOING CONNECTION FROM YOUR SERVER WILL GET ROUTED TROUGH TOR?

Answer that. I said I will be grateful...
You seem to forget that Tor traffic still uses the normal internet... Or your version of Tor is a completely different network that bypasses the internet?

BTW, you are also forgetting about
hostname -i
and
/etc/hosts

or whatever are the OpenBSD equivalents for them.
both will give you your IP, which is needed for the server to work.
Of course you could use a VPS inside a dedicated server, and if you did it, it would probably show the local IP, but that wasn't what you described, you moron...

FFS, such a n00b you are...

Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 09, 2012, 10:31:56 PM
 #32

There are LOTS of ways for people to figure out your IP even when protected by Tor.  "[Tor] is experimental software. Do not rely on it for strong anonymity".  There are also LOTS of things needed to make sure you are as secure as possible.

If you think just setting up a tor hidden service that points to apache is enough to hide yourself, you really should do more research.

Maybe look at TorBOX for some tips on security.

https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 09, 2012, 10:42:42 PM
 #33


Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent tor, theres absolutely no way you can stop that, unless your Jesus or you you have some sort of magic genie.

when you root a server, you can do whatever the fuck you want.

The only way that woudln't happen is if you dug up every road in the world and layed down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
March 09, 2012, 10:55:07 PM
 #34

Internet -> Firewall -> Tor Gateway -> Web Server

That is actually true. I got a bit carried away there and didn't think it through fully, but the OP's layout would still allow the remote IP to be discovered.

What got us carried away was the fact that, like I said, the OP asked for opinions when all he wanted was a patt on the back while saying "Good job, fellow...".

boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:56:07 PM
 #35


Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent tor, theres absolutely no way you can stop that, unless your Jesus or you you have some sort of magic genie.

when you root a server, you can do whatever the fuck you want.

The only way that woudln't happen is if you dug up every road in the world and layed down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server

Do you mean just any NAT router? I personally wanted to use an OpenBSD firewall. Also what's the point of an OpenBSD router/firewall, OBSD TOR GATEWAY and OBSD server?
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:56:34 PM
 #36

Internet -> Firewall -> Tor Gateway -> Web Server

That is actually true. I got a bit carried away there and didn't think it through fully, but the OP's layout would still allow the remote IP to be discovered.

What got us carried away was the fact that, like I said, the OP asked for opinions when all he wanted was a patt on the back while saying "Good job, fellow...".

LMAO yeah right, like you know me...
boconniff40
Newbie
*
Offline Offline

Activity: 28


View Profile
March 09, 2012, 10:59:53 PM
 #37

Just get lost
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
March 09, 2012, 11:07:23 PM
 #38

Just get lost

You can always put us(and the rest of the forum probably) on your extensive ignore list...

Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 10, 2012, 06:39:40 AM
 #39


Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent tor, theres absolutely no way you can stop that, unless your Jesus or you you have some sort of magic genie.

when you root a server, you can do whatever the fuck you want.

The only way that woudln't happen is if you dug up every road in the world and layed down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server

Do you mean just any NAT router? I personally wanted to use an OpenBSD firewall.
Well how popular is your forum going to be? If you think a cheap NAT router is enough to handle the bandwidth, that is probably fine.

As far as firewalls go, I've been liking pfsense.

Quote
Also what's the point of an OpenBSD router/firewall, OBSD TOR GATEWAY and OBSD server?

Go read the TorBox link.

Even if someone hacks your hidden server software (thttpd, apache, etc.), he can not steal your hidden service key. The key is stored on the Tor-Gateway. Once you cleaned your Tor-Workstation, no one can impersonate your hidden service anymore.

EDIT: Here is another helpful link. https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OptionalConfigurations#Hostinghiddenservices

btctrader22
Jr. Member
*
Offline Offline

Activity: 45



View Profile
March 10, 2012, 10:34:44 AM
 #40

LMAO yeah right, like you know me...

You didnt explain why you want to setup a tor thing. Do u rly need all that security ?

My address: 18xdeHAiwAL84Qo1py4qBsMsADULh9xHq4
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!