Silk Road forums
Discussion => Security => Topic started by: AussieMitch on August 24, 2013, 04:22 pm
-
I want to set up my own hidden service, just a simple small html site for no reason other than personal interest and to learn a bit more about computer security in the process. I love cryptoanarchy and it really appeals to me as a hobby.
How do I get started? I have a limited understanding of basic programming and web development, but I'm eager to learn.
I was hoping to have some kind of setup involving Whonix with physical isolation, where the web server is in a VM on one computer, with the other computer acting as a gateway to protect against having the IP address of my site revealed if it was hacked. Is this setup pretty much 100% secure?
-
You could get 2 Raspberry Pis, where one has 2 ethernet interfaces and is connected to your router, like a physically isolated Whonix gateway. The other Pi is connected to the gateway Pi (Tor) only and runs the webserver (lighttpd?). However I'm not sure if it's possible to have 2 ethernet interfaces on a Raspberry Pi. But it should be possible with USB->Ethernet adapters?
When the webserver gets hacked, the attacker couldn't get your real IP address. First they'd have to hack the gateway Pi from the webserver Pi, which is highly unlikely if only Tor and nothing else is running on the gateway. Usually you'd want to be able to connect to both Pis by using SSH, so you'd have to firewall them properly (only allow SSH connections from gateway to webserver, but none from inside the webserver to the gateway). Should be like 99.999999% secure that way.
I installed a hidden service with lighttpd in a Debian virtual machine yesterday. It was quite easy. Took me an hour or so. I simply created a virtual machine on another computer, then had a look at the hidden service instructions on the Tor website.
If your computer isn't online all the time, your hidden service won't be either. This leaks information to an observant adversary.
It is generally a better idea to host hidden services on a Tor client rather than a Tor relay, since relay uptime and other properties are publicly visible.
https://www.torproject.org/docs/tor-hidden-service.html.en
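
The gateway side of the two-box layout described in this thread, as an added example that is not part of the original posts: a shell script that prints an iptables-restore ruleset and the matching torrc lines for the gateway, plus a lint that rejects any rule accepting traffic from the webserver side. The interface names, both IP addresses and the HiddenServiceDir path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example for the gateway box. Assumed values (not from the thread):
#   eth0 = router side, eth1 = webserver side,
#   10.0.0.2 = webserver box, 192.168.1.10 = admin workstation on the LAN.
LAN_IF="${LAN_IF:-eth0}"
WEB_IF="${WEB_IF:-eth1}"
WEB_IP="${WEB_IP:-10.0.0.2}"
ADMIN_IP="${ADMIN_IP:-192.168.1.10}"

# Ruleset in iptables-restore format. The gateway may open connections to the
# webserver (SSH, HTTP from Tor); the webserver may only answer them.
gateway_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${LAN_IF} -s ${ADMIN_IP} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i ${WEB_IF} -j DROP
COMMIT
EOF
}

# torrc lines: Tor on the gateway forwards onion port 80 to the webserver box.
gateway_torrc() {
cat <<EOF
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 ${WEB_IP}:80
EOF
}

# Reads a ruleset on stdin; fails if any rule accepts packets arriving on the
# webserver-side interface (the established-reply rule names no interface).
lint_rules() {
    if grep -Eq -e "-i ${WEB_IF} .*-j ACCEPT"; then
        return 1
    fi
    return 0
}

case "${1:-}" in
    rules) gateway_rules ;;   # review, then load with iptables-restore
    torrc) gateway_torrc ;;   # review, then append to the gateway's torrc
    lint)  lint_rules ;;      # e.g. iptables-save | sh this-script lint
esac
```

FORWARD stays at DROP with no rules, so the gateway never routes the webserver's traffic to the router; the only path out is through the Tor process.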