Silk Road forums

Discussion => Newbie discussion => Topic started by: TheLostHermit777 on April 29, 2013, 02:08 pm

Title: How to access SR during DDOS
Post by: TheLostHermit777 on April 29, 2013, 02:08 pm
I've noticed that when I'm unable to access SR during the DDOS, 9/10 times I'm able to get to it through the onion.to redirect service. Obviously it's ####not as safe#### as going through the normal route, but if you do need to access it seems you're able to do so.

Just add .to to the end of the url, so it reads http://silkroadvb5piz3r.onion.to

Yes the site is relatively safe, it's basically a service so you can access .onion sites in your normal browser without installing the onion router.

The only other suggestion I can offer is to change your timeout settings so it waits longer for traffic to come back before cutting the connection.

######################################################################
MORE INFORMATION WHY IT'S NOT AS SAFE FOUND HERE, I ADVISE YOU ALL READ THIS BEFORE PROCEEDING:
http://dkn255hz262ypmii.onion/index.php?topic=153155.msg1063236#msg1063236
######################################################################
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 02:16 pm
I've noticed that when I'm unable to access SR during the DDOS, 9/10 times I'm able to get to it through the onion.to redirect service. Obviously it's not as safe as going through the normal route, but if you do need to access it seems you're able to do so.

If you access the site through TOR it remains just as safe I think.

Just add .to to the end of the url, so it reads http://silkroadvb5piz3r.onion.to

Yes the site is relatively safe, it's basically a service so you can access .onion sites in your normal browser without installing the onion router.

The only other suggestion I can offer is to change your timeout settings so it waits longer for traffic to come back before cutting the connection.

B E W A R E from using this shitty onion.to... IS EVIL! would you compare the onion end-to-end encryption with the http connection?? pls stop encourage people to use onion.to
Title: Re: How to access SR during DDOS
Post by: Wepromisetwenty on April 29, 2013, 02:17 pm
Holy shit, you're right mate.
Thats strange - anyone care to shed some light on why thats so effective?

Also, if i understand correctly - as long as you route the onion.to through the tor network, you are indeed protected as you would be if you were just using the onion site directly?

feel free to correct me though as i know fuck all about this anonymity and security stuff.
Title: Re: How to access SR during DDOS
Post by: Wepromisetwenty on April 29, 2013, 02:20 pm
I've noticed that when I'm unable to access SR during the DDOS, 9/10 times I'm able to get to it through the onion.to redirect service. Obviously it's not as safe as going through the normal route, but if you do need to access it seems you're able to do so.

If you access the site through TOR it remains just as safe I think.

Just add .to to the end of the url, so it reads http://silkroadvb5piz3r.onion.to

Yes the site is relatively safe, it's basically a service so you can access .onion sites in your normal browser without installing the onion router.

The only other suggestion I can offer is to change your timeout settings so it waits longer for traffic to come back before cutting the connection.

B E W A R E from using this shitty onion.to... IS EVIL! would you compare the onion end-to-end encryption with the http connection?? pls stop encourage people to use onion.to

I guess the evil downside of using this (even through tor), is that you're supporting a site that basically allows google to crawl onions.. which to me seems a bit... shit. needs must though I suppose.

also for what its worth, I almost always get the login page through .to, but struggle to get much further
Title: Re: How to access SR during DDOS
Post by: TheLostHermit777 on April 29, 2013, 02:24 pm
B E W A R E from using this shitty onion.to... IS EVIL! would you compare the onion end-to-end encryption with the http connection?? pls stop encourage people to use onion.to

I clearly stated it's not as safe as going straight through TOR but I'm certain there's individuals who would benefit from my advise. Your comment has encouraged me to explain why it's not as safe though.

Going through TOR is simple, your encrypted message gets bounced back and forth between other people connected to the TOR network until it reaches the 'end node' at which point the message is fully decrypted and sent on to the .onion site.

When using onion.to through your normal web browser, your information is sent un-encrypted and completely accessible by the web hosts and the authorities if they make a request. Their site then encrypts it in the normal manner and follows the procedure above. Your data will also be accessible by your ISP, as-well as anyone sniffing your network.

SO I ADVISE ALL VENDORS OR PURCHASERS OF LARGE QUANTITIES TO NOT ACCESS USING ONION.TO UNLESS ABSOLUTELY NECESSARY.

The only additional layer of protection would be to use a VPN because at least this covers up your IP address. If looking for a good VPN I recommend 'iPredator' brought to you by ThePirateBay, it's based in Sweden which makes it difficult for your authorities to ask them from your IP details and traffic data. It's relatively cheap and very simple to set up. It provides dynamic IP so each time you connect you get a new IP and the download speeds are 'acceptable', I.e about 3 MBp/s for me.

Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 02:25 pm
Holy shit, you're right mate.
Thats strange - anyone care to shed some light on why thats so effective?

Also, if i understand correctly - as long as you route the onion.to through the tor network, you are indeed protected as you would be if you were just using the onion site directly?

feel free to correct me though as i know fuck all about this anonymity and security stuff.

wrong.
in the onion.to scenario all the data stream between you and the SR server could be logged by a bad exit node (or by onion.to owner, who knows)... so even if you are behind your lovely tor route, your info (that you send with your keyboard) could be exposed.

also the anonymity of your ass isnt comparable... the onion direct connection with torbrowser is much better than onion.to connection with torbrowser.
Title: Re: How to access SR during DDOS
Post by: Jack N Hoff on April 29, 2013, 02:29 pm
Dumb dumb dumb.  Even if you're using TOR to access it, the exit node you're using can see your data, your username and password.  Onion.to the NSA and the websites ISP can also see all of that information.  Anyone who has been using the onion.to, I'd suggest changing your passwords when you get the chance.
Title: Re: How to access SR during DDOS
Post by: TheLostHermit777 on April 29, 2013, 02:30 pm
Holy shit, you're right mate.
Thats strange - anyone care to shed some light on why thats so effective?

Also, if i understand correctly - as long as you route the onion.to through the tor network, you are indeed protected as you would be if you were just using the onion site directly?
I think that onion.to have a higher timeout setting. The SR is not being 'taken down completely' by the DDOS, only slowed down, so messages it sends back to you will take longer. Most people will have a low timeout setting, which means if it doesn't get a response in X amount of time it'll cut the connection.

NO, your message will be encrypted in the tor network, but once it reaches the end node it'll be sent as a normal un-encrypted transmission so it doesn't really matter if you use the TOR network, all it'll do is hide your IP address.
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 02:36 pm
Dumb dumb dumb.  Even if you're using TOR to access it, the exit node you're using can see the data, your username and password.  Onion.to can also see all of that information.  Your ISP can also see what you are accessing.  Anyone who has been using the onion.to, I'd suggest changing your passwords when you get the chance.

i confirm all the things except the fact that with onion.to your ISP could see what you are accessing :-) in fact if you are using Tor + onion.to configuration, your ISP COULD NOT see anything...
with tor+onion or tor+onion.to your ISP will only see that you are connected through the tor network.
Title: Re: How to access SR during DDOS
Post by: q12357 on April 29, 2013, 02:44 pm
Sorry, that's possibly off topic but i can not post anywhere else. What does it mean when i tried to log in and the login form also requested "pin", which has never happened before that the login form requests pin, that couple month since I got familiar with silkroad. While i printed in all the information it redirected me to the following address http://deaseizedsites.com/?PHPSESSID=uie75cq6qmt2bnau89pfgmkr76
where it is written
Quote
This domain name has been seized foy the United states Drug Enforcement Administration pursuantto a seizure warrant issued by a United States District Court under the authority of Title 18, United States Code, Section 981.
On October 15,2008, the President signed into law the Ryan Haight Online Pharmacy Consumer Protection Act of 2008, often referred to as the Ryan Haight Act. This law amends the Controlled Substances Act by adding a series of new regulatory requirements and criminal provisions designed to combat the proliferation of so-called "rogue Internet sites" that unlawfully dispense controlled substances by means of the Internet. The Ryan Haight Act applies to all controlled substances in all schedules. An online pharmacy is a person, entity, or Internet site, whether in the United States or abroad, that knowingly or intentionally delivers, distributes, or dispenses, or offers orattempts to deliver, distribute, or dispense, a controlled substance by means of the Internet
This law became effective April 13,2009. As of that date, it is illegal under federal law to deliver, distribute, or dispense a controlled substance by means of the Internet unless the online pharmacy holdsa modification of DEAregistration authorizing it to operate as an online pharmacy.
Does that mean that something wrong is going on for example someone has stolen my login information?

I guess that could be because the exit node (I mean the one farthest from me, not literate it these tor terms) is located in US. But how cold that still happen if tor is used?
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 02:50 pm
Sorry, that's possibly off topic but i can not post anywhere else. What does it mean when i tried to log in and the login form also requested "pin", which has never happened before that the login form requests pin, that couple month since I got familiar with silkroad. While i printed in all the information it redirected me to the following address http://deaseizedsites.com/?PHPSESSID=uie75cq6qmt2bnau89pfgmkr76
where it is written
Quote
This domain name has been seized foy the United states Drug Enforcement Administration pursuantto a seizure warrant issued by a United States District Court under the authority of Title 18, United States Code, Section 981.
On October 15,2008, the President signed into law the Ryan Haight Online Pharmacy Consumer Protection Act of 2008, often referred to as the Ryan Haight Act. This law amends the Controlled Substances Act by adding a series of new regulatory requirements and criminal provisions designed to combat the proliferation of so-called "rogue Internet sites" that unlawfully dispense controlled substances by means of the Internet. The Ryan Haight Act applies to all controlled substances in all schedules. An online pharmacy is a person, entity, or Internet site, whether in the United States or abroad, that knowingly or intentionally delivers, distributes, or dispenses, or offers orattempts to deliver, distribute, or dispense, a controlled substance by means of the Internet
This law became effective April 13,2009. As of that date, it is illegal under federal law to deliver, distribute, or dispense a controlled substance by means of the Internet unless the online pharmacy holdsa modification of DEAregistration authorizing it to operate as an online pharmacy.
Does that mean that something wrong is going on for example someone has stolen my login information?

yes its off topic... you had to open a new thread... however when at the login the site that you think is SR ask you also the PIN number, its a fake/scammer/phishing site.
if you've recently insert your own password and right pin of SR login, you will be screwed in a few... so when SR will come up, you have to change quickly pin and password of your account, or your balance will be 0btc soon.
Title: Re: How to access SR during DDOS
Post by: q12357 on April 29, 2013, 02:56 pm
Thanks i will read the related security threads. Fortunately I have 0.0x btc on my account. Does this mean I have lost my account? 
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:01 pm
Dumb dumb dumb.  Even if you're using TOR to access it, the exit node you're using can see the data, your username and password.  Onion.to can also see all of that information.  Your ISP can also see what you are accessing.  Anyone who has been using the onion.to, I'd suggest changing your passwords when you get the chance.

i confirm all the things except the fact that with onion.to your ISP could see what you are accessing :-) in fact if you are using Tor + onion.to configuration, your ISP COULD NOT see anything...
with tor+onion or tor+onion.to your ISP will only see that you are connected through the tor network.

You're wrong.  Unless the page is a hidden service or SSL then you're ISP can see all the URLs of the pages that you are viewing even when you are using TOR.

trust me, you're totally wrong :-) your ISP could ONLY see that you are accessing through Tor, not WHAT you are doing on it.
This is the foundament of the Tor network.. with or without SSL/onion end-to-end encryption in this case doesnt matter.
In fact the SSL/onion encryption are useful for the encryption of the data stream (e.g. credentials at the login to a server) when there is a bad exit node that sniff the packet between you and the server that you are searching for.

maybe this CLEARNET dimostration of the big EFF can clarify a bit your ideas:
https://www.eff.org/pages/tor-and-https
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:11 pm
Dumb dumb dumb.  Even if you're using TOR to access it, the exit node you're using can see the data, your username and password.  Onion.to can also see all of that information.  Your ISP can also see what you are accessing.  Anyone who has been using the onion.to, I'd suggest changing your passwords when you get the chance.

i confirm all the things except the fact that with onion.to your ISP could see what you are accessing :-) in fact if you are using Tor + onion.to configuration, your ISP COULD NOT see anything...
with tor+onion or tor+onion.to your ISP will only see that you are connected through the tor network.

You're wrong.  Unless the page is a hidden service or SSL then you're ISP can see all the URLs of the pages that you are viewing even when you are using TOR.

trust me, you're totally wrong :-) your ISP could ONLY see that you are accessing through Tor, not WHAT you are doing on it.
This is the foundament of the Tor network.. with or without SSL/onion end-to-end encryption in this case doesnt matter.
In fact the SSL/onion encryption are useful for the encryption of the data stream (e.g. credentials at the login to a server) when there is a bad exit node that sniff the packet between you and the server that you are searching for.

maybe this CLEARNET dimostration of the big EFF can clarify a bit your ideas:
https://www.eff.org/pages/tor-and-https

Let me repeat this, IF IT IS NOT A HIDDEN SERVICE OR DOES NOT HAVE SSL THEN YOUR ISP CAN SEE THE URLS OF THE PAGES THAT YOU ARE ACCESSING EVEN WHILE YOU ARE USING TOR.

Better?

No i'm sorry but you're wrong in the same way of before.
Please let me clarify your ideas, check it out and then tell me: https://www.eff.org/pages/tor-and-https
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:14 pm
Thanks i will read the related security threads. Fortunately I have 0.0x btc on my account. Does this mean I have lost my account?

no its not automatically, their interest is focused only into your bitcoins, if you've nothing into your SR wallet, so you can stay more in peace...
but this not change the fact that for your future security you HAVE TO change as soon as possible your SR PIN and password
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:22 pm
Jack N Hoff with all the respect you are misinformating peolple... you've linked a simple forum, its not a reliable source.
i've linked the eff site, which is considerated a reliable source from all.
i advice you to read carefully all the documentation of torproject (like i did) to learn more about tor security and how to protect your ass:

start from here (WARNING CLEARNET SITE):
https://www.torproject.org/about/overview.html.en

Regards
Title: Re: How to access SR during DDOS
Post by: jizzmasterzero on April 29, 2013, 03:32 pm
Thanks for the info, but I'm going to play it safe and wait for SR to work under normal, more secure conditions.
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:45 pm
Sorry bud, your misinterpreting it.  If the website you are vising is say http://google.com then your ISP know that you are visiting google.com

If you are visiting https://google.com then they do not know what site you are accessing.

You are wrong, once more for the same reasons. Learn, study... Then speak with a little bit more of conscience.

i repeat the last time:
Tor is conceived for anonymize people. In the last years is having foundamental importance the roule that has in some "state" to permit their people to reach sites that without tor are unaccessible (e.g. facebook, google, youtube's censure).
Without the ssl and through tor they can reach these site in the same way.
If you are lazy and you don't want to study all the architecture of tor, please visit CLEARNET EFF site that re-explain better and graphically what i said: https://www.eff.org/pages/tor-and-https
Please once more don't to this for me, do that for you and all the people that you misinform.
With all the respect,
Regards.
Title: Re: How to access SR during DDOS
Post by: Jack N Hoff on April 29, 2013, 03:50 pm
You are wrong, once more for the same reasons. Learn, study... Then speak with a little bit more of conscience.

i repeat the last time:
Tor is conceived for anonymize people. In the last years is having foundamental importance the roule that has in some "state" to permit their people to reach sites that without tor are unaccessible (e.g. facebook, google, youtube's censure).
Without the ssl and through tor they can reach these site in the same way.
If you are lazy and you don't want to study all the architecture of tor, please visit CLEARNET EFF site that re-explain better and graphically what i said: https://www.eff.org/pages/tor-and-https
Please once more don't to this for me, do that for you and all the people that you misinform.
With all the respect,
Regards.

You're right, I was remembering it incorrectly.  But even if you're using TOR to access it, the exit node you're using can see your data, your username and password.  Onion.to the NSA and the websites ISP can also see all of that information.   That is still pretty damn insecure.  You have to agree with that.
Title: Re: How to access SR during DDOS
Post by: Jack N Hoff on April 29, 2013, 03:50 pm
Haha that was the page I was looking for!!!  That exact interactive diagram lol
Title: Re: How to access SR during DDOS
Post by: anon8712 on April 29, 2013, 03:52 pm
B E W A R E from using this shitty onion.to... IS EVIL! would you compare the onion end-to-end encryption with the http connection?? pls stop encourage people to use onion.to

I clearly stated it's not as safe as going straight through TOR but I'm certain there's individuals who would benefit from my advise. Your comment has encouraged me to explain why it's not as safe though.

Going through TOR is simple, your encrypted message gets bounced back and forth between other people connected to the TOR network until it reaches the 'end node' at which point the message is fully decrypted and sent on to the .onion site.

When using onion.to through your normal web browser, your information is sent un-encrypted and completely accessible by the web hosts and the authorities if they make a request. Their site then encrypts it in the normal manner and follows the procedure above. Your data will also be accessible by your ISP, as-well as anyone sniffing your network.

SO I ADVISE ALL VENDORS OR PURCHASERS OF LARGE QUANTITIES TO NOT ACCESS USING ONION.TO UNLESS ABSOLUTELY NECESSARY.

The only additional layer of protection would be to use a VPN because at least this covers up your IP address. If looking for a good VPN I recommend 'iPredator' brought to you by ThePirateBay, it's based in Sweden which makes it difficult for your authorities to ask them from your IP details and traffic data. It's relatively cheap and very simple to set up. It provides dynamic IP so each time you connect you get a new IP and the download speeds are 'acceptable', I.e about 3 MBp/s for me.

Your thoughts on Private Internet Access? From what I understand they don't keep logs so even if authorities were to ask for information there would be nothing to give.
Title: Re: How to access SR during DDOS
Post by: novembertest on April 29, 2013, 03:54 pm
fortunately... EFF has always right ;-)
Title: Re: How to access SR during DDOS
Post by: Wepromisetwenty on April 29, 2013, 04:27 pm
Holy shit, you're right mate.
Thats strange - anyone care to shed some light on why thats so effective?

Also, if i understand correctly - as long as you route the onion.to through the tor network, you are indeed protected as you would be if you were just using the onion site directly?

feel free to correct me though as i know fuck all about this anonymity and security stuff.

wrong.
in the onion.to scenario all the data stream between you and the SR server could be logged by a bad exit node (or by onion.to owner, who knows)... so even if you are behind your lovely tor route, your info (that you send with your keyboard) could be exposed.

also the anonymity of your ass isnt comparable... the onion direct connection with torbrowser is much better than onion.to connection with torbrowser.

Oh I see. Thats interesting. Thanks. Like i said - i'm an anonymity newbie ;)

Some interesting stuff in this thread, for me at least. Thanks to all who've contributed.