
Topic: Rate my Tor Hidden Service - page 2. (Read 16305 times)

newbie
Activity: 45
Merit: 0
March 10, 2012, 05:34:44 AM
#40
LMAO yeah right, like you know me...

You didn't explain why you want to set up a Tor thing. Do you really need all that security?
hero member
Activity: 742
Merit: 500
March 10, 2012, 01:39:40 AM
#39

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent Tor, there's absolutely no way you can stop that, unless you're Jesus or you have some sort of magic genie.

When you root a server, you can do whatever the fuck you want.

The only way that wouldn't happen is if you dug up every road in the world and laid down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server

Do you mean just any NAT router? I personally wanted to use an OpenBSD firewall.
Well how popular is your forum going to be? If you think a cheap NAT router is enough to handle the bandwidth, that is probably fine.

As far as firewalls go, I've been liking pfsense.

Quote
Also what's the point of an OpenBSD router/firewall, OBSD TOR GATEWAY and OBSD server?

Go read the TorBox link.

Even if someone hacks your hidden server software (thttpd, apache, etc.), he can not steal your hidden service key. The key is stored on the Tor-Gateway. Once you cleaned your Tor-Workstation, no one can impersonate your hidden service anymore.

EDIT: Here is another helpful link. https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/OptionalConfigurations#Hostinghiddenservices
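
The isolation advice in the post above (a web server whose only reachable peer is the Tor gateway), as an added example that is not part of the thread: a small auditor over `iptables-save` output taken on the web server host. The Linux/iptables setting, both sample rulesets and the gateway address 10.152.152.10 are assumptions constructed for illustration.

```python
import ipaddress

# Constructed iptables-save samples for the web server host (not from the thread).
# 10.152.152.10 is a placeholder for the Tor gateway's internal address.
LEAKY = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.152.152.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""
ISOLATED = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 10.152.152.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 10.152.152.10/32 -m state --state ESTABLISHED -j ACCEPT
COMMIT
"""

def audit_egress(ruleset, gateway):
    """Return findings for filter/OUTPUT rules that let traffic bypass the gateway."""
    gw = ipaddress.ip_address(gateway)
    findings, table = [], None
    for line in ruleset.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()          # only the filter table decides egress
        tok = line.split()
        if table != "filter" or not tok:
            continue
        if tok[0] == ":OUTPUT" and tok[1] != "DROP":
            findings.append(f"default OUTPUT policy is {tok[1]}, not DROP")
        if tok[:2] != ["-A", "OUTPUT"] or "ACCEPT" not in tok:
            continue
        if "!" in tok:                        # negated matches need a human look
            findings.append(f"negated match, review manually: {line}")
            continue
        if "-o" in tok and tok[tok.index("-o") + 1] == "lo":
            continue                          # loopback never leaves the host
        dest = tok[tok.index("-d") + 1] if "-d" in tok else "0.0.0.0/0"
        net = ipaddress.ip_network(dest, strict=False)
        if not (net.num_addresses == 1 and gw in net):
            findings.append(f"egress allowed to {dest}: {line}")
    return findings
```

An empty result means every accepted outbound packet is either loopback or addressed to the gateway, so nothing on the web server host can open a connection that skips Tor.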
legendary
Activity: 1358
Merit: 1002
March 09, 2012, 06:07:23 PM
#38
Just get lost

You can always put us (and the rest of the forum probably) on your extensive ignore list...
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:59:53 PM
#37
Just get lost
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:56:34 PM
#36
Internet -> Firewall -> Tor Gateway -> Web Server

That is actually true. I got a bit carried away there and didn't think it through fully, but the OP's layout would still allow the remote IP to be discovered.

What got us carried away was the fact that, like I said, the OP asked for opinions when all he wanted was a pat on the back while saying "Good job, fellow...".

LMAO yeah right, like you know me...
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:56:07 PM
#35

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent Tor, there's absolutely no way you can stop that, unless you're Jesus or you have some sort of magic genie.

When you root a server, you can do whatever the fuck you want.

The only way that wouldn't happen is if you dug up every road in the world and laid down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server

Do you mean just any NAT router? I personally wanted to use an OpenBSD firewall. Also what's the point of an OpenBSD router/firewall, OBSD TOR GATEWAY and OBSD server?
legendary
Activity: 1358
Merit: 1002
March 09, 2012, 05:55:07 PM
#34
Internet -> Firewall -> Tor Gateway -> Web Server

That is actually true. I got a bit carried away there and didn't think it through fully, but the OP's layout would still allow the remote IP to be discovered.

What got us carried away was the fact that, like I said, the OP asked for opinions when all he wanted was a pat on the back while saying "Good job, fellow...".
hero member
Activity: 742
Merit: 500
March 09, 2012, 05:42:42 PM
#33

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

Finally you understand!

Yes, getting the root WILL allow anyone to circumvent Tor, there's absolutely no way you can stop that, unless you're Jesus or you have some sort of magic genie.

When you root a server, you can do whatever the fuck you want.

The only way that wouldn't happen is if you dug up every road in the world and laid down your own fiberoptic cable and built your own internet, as pointed out by psy above. I would suggest doing that if you wanted to use VBulletin on TOR and wanted to be 100% sure nobody could get the IP address.
Put your webserver behind a firewall that ONLY allows out Tor traffic and you will be better off.

Internet -> Firewall -> Tor Gateway -> Web Server
hero member
Activity: 742
Merit: 500
March 09, 2012, 05:31:56 PM
#32
There are LOTS of ways for people to figure out your IP even when protected by Tor.  "[Tor] is experimental software. Do not rely on it for strong anonymity".  There are also LOTS of things needed to make sure you are as secure as possible.

If you think just setting up a tor hidden service that points to apache is enough to hide yourself, you really should do more research.

Maybe look at TorBOX for some tips on security.

https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
legendary
Activity: 1358
Merit: 1002
March 09, 2012, 05:29:21 PM
#31

Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.


Step 1. Find vulnerability in VBulletin or server.
Step 2. Get root on server.
Step 3. Type "ping" followed by an IP address of a computer they control
Step 4. Check firewall log on controlled PC and recover IP
Step 5. ??
Step 6. Profit

or

Step 1. Find vulnerability in VBulletin
Step 2. Use vulnerability to get vbulletin to request a page from a script hosted on a webserver controlled by hacker
Step 3. Check server log on webserver and recover IP, or even have the script record the IP address
Step 4. ??
Step 5. Profit

Also, I hired a hacker who hired a hacker who says your hired hacker is talking shit.

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?

One more time: HOW WILL YOU MAKE SURE THAT ALL AND ANY OUTGOING CONNECTION FROM YOUR SERVER WILL GET ROUTED THROUGH TOR?

Answer that. I said I will be grateful...
You seem to forget that Tor traffic still uses the normal internet... Or your version of Tor is a completely different network that bypasses the internet?

BTW, you are also forgetting about
hostname -i
and
/etc/hosts

or whatever are the OpenBSD equivalents for them.
Both will give you your IP, which is needed for the server to work.
Of course you could use a VPS inside a dedicated server, and if you did it, it would probably show the local IP, but that wasn't what you described, you moron...

FFS, such a n00b you are...
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:27:37 PM
#30

Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.


Step 1. Find vulnerability in VBulletin or server.
Step 2. Get root on server.
Step 3. Type "ping" followed by an IP address of a computer they control
Step 4. Check firewall log on controlled PC and recover IP
Step 5. ??
Step 6. Profit

or

Step 1. Find vulnerability in VBulletin
Step 2. Use vulnerability to get vbulletin to request a page from a script hosted on a webserver controlled by hacker
Step 3. Check server log on webserver and recover IP, or even have the script record the IP address
Step 4. ??
Step 5. Profit

Also, I hired a hacker who hired a hacker who says your hired hacker is talking shit.

Okay so you seem to think that for some reason, just hacking a simple message board and getting to the root will allow people to circumvent TOR....?
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:25:55 PM
#29
I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.

Well motherfucker, let me tell you something: I'm a Linux sysadmin on my day job. I mean, WHAT THE FUCK, even today, after 4 years on the job I don't feel confident enough to cover all my tracks in the case I was running a hidden service, hence why I refuse to run one, and probably I'm more qualified to do it than you.
What blazr said is true: Once they pwn your web app it's only a matter of time until they root your server, hell, they don't even need to do that: just fire up some secure shell (doesn't have to be root for it, any other user with a password for ssh will do) and use wget to fetch a file from a server the hacker controls and BAM, he has your IP. Difficult, not really. Difficult to you, for sure...
To avoid what I described previously, tell me please how will you make sure that ANY connection from that server will get routed through Tor. Please? I also need that answer. Maybe I'll feel qualified enough to run a hidden service after having that answer.

Now get lost, and remember, never ask for opinions when all you want is a pat on the back...

WOW a sysadmin that doesn't have an idea of how a Tor hidden service works lmfao... HOW ELSE CAN PEOPLE access that hidden service if not through TOR?

NOW YOU GET LOST, I DON'T LIKE YOUR OPINION AND I SURE AS HELL DON'T HAVE TO TAKE IT.
legendary
Activity: 1358
Merit: 1002
March 09, 2012, 05:14:41 PM
#28
I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.

Well motherfucker, let me tell you something: I'm a Linux sysadmin on my day job. I mean, WHAT THE FUCK, even today, after 4 years on the job I don't feel confident enough to cover all my tracks in the case I was running a hidden service, hence why I refuse to run one, and probably I'm more qualified to do it than you.
What blazr said is true: Once they pwn your web app it's only a matter of time until they root your server, hell, they don't even need to do that: just fire up some secure shell (doesn't have to be root for it, any other user with a password for ssh will do) and use wget to fetch a file from a server the hacker controls and BAM, he has your IP. Difficult, not really. Difficult to you, for sure...
To avoid what I described previously, tell me please how will you make sure that ANY connection from that server will get routed through Tor. Please? I also need that answer. Maybe I'll feel qualified enough to run a hidden service after having that answer.

Now get lost, and remember, never ask for opinions when all you want is a pat on the back...
newbie
Activity: 28
Merit: 0
March 09, 2012, 05:11:10 PM
#27
I seriously doubt my real IP address will be compromised if vBulletin gets hacked

Yes it will. I guarantee you there is at least 1 vulnerability out there that can be used to get the server to spit out the real IP.

Anyways, if they compromise vbulletin, chances are they can work their way up to rooting the server. Once they do that, you're screwed because yes they can get the IP extremely easily then, and they can basically go to town on your server and website.

do you people even know what the fuck you're talking about?

Of course we do, you're the one who's claiming we're wrong because you don't like what we are saying.

I am paying a professional hacker to test my security


If you do hire a hacker to audit your website, he will tell you to get rid of vbulletin and replace it with something else.

Okay genius, explain how they are going to get my or others IP address when everyone is using Tor. Also, the server will be in a far off physical location, not at my house.

My professional hacker tells me that anything is hackable, therefore it's really just choosing the lesser of two evils.
newbie
Activity: 28
Merit: 0
March 09, 2012, 04:39:25 PM
#26
I seriously doubt my real IP address will be compromised if vBulletin gets hacked... do you people even know what the fuck you're talking about?

There was this jackass idiot who said previously that a TRUECRYPT volume is useless when it is mounted because you can change the password, I MEAN WHAT THE FUCK, are you some kind of Truecrypt virginal whore or something... no the password and the keyfiles cannot be changed when it's mounted freak...

Now the next time people suggest something bad is going to happen, I suggest they explain the WHOLE POSSIBILITY OF IT and EXACTLY how it'll happen because I am paying a professional hacker to test my security and he's calling some of you bullshitters.
newbie
Activity: 28
Merit: 0
March 09, 2012, 04:36:32 PM
#25
Also, make sure the root password of the server isn't blank, or "password". This is usually a good security practice as it stops your server from getting completely owned.
LOL The scary part is that I feel that the OP really needs to be given this ^^ advice.


I rofl'd on his statement that he doesn't care if his "hidden service" is hacked because he'll just restore the database.

Hey, you fool, if your "hidden service" is hacked you can bet it will not be a "hidden service" anymore and it will just be a "service"!! Granted.
If it happens the upside is that you won't need to use Tor anymore and can just serve your forum using the normal internet and a normal domain. Cheesy

I'm sure your username here is "really" pussy and not psy

Anyways can you fat losers stop worrying about MY Tor Hidden Service like a bunch of retard freaks? Cheesy THANKS
legendary
Activity: 1358
Merit: 1002
March 09, 2012, 03:40:07 PM
#24
Also, make sure the root password of the server isn't blank, or "password". This is usually a good security practice as it stops your server from getting completely owned.
LOL The scary part is that I feel that the OP really needs to be given this ^^ advice.


I rofl'd on his statement that he doesn't care if his "hidden service" is hacked because he'll just restore the database.

Hey, you fool, if your "hidden service" is hacked you can bet it will not be a "hidden service" anymore and it will just be a "service"!! Granted.
If it happens the upside is that you won't need to use Tor anymore and can just serve your forum using the normal internet and a normal domain. Cheesy
full member
Activity: 210
Merit: 100
March 09, 2012, 01:42:44 PM
#23
just another (useless) protocol.
'tis not so, it's a protocol of military-grade strength Grin
Much good it'll do when the vBulletin-powered server gets rooted.

Any server is only as good as the admin running it. Somehow, I've got this gut feeling this ain't gonna be the Fort Knox of forums...
legendary
Activity: 1050
Merit: 1000
You are WRONG!
March 09, 2012, 01:23:50 PM
#22
What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
just another (useless) protocol.
member
Activity: 98
Merit: 10
March 09, 2012, 01:06:13 PM
#21
What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]

irc over ssl is an option, you could use certificate based authentication with your clients