Re: Tutorials for providing Hidden Services?
<phobos <at> rootme.org>
2009-01-01 22:45:22 GMT
On Thu, Dec 18, 2008 at 06:24:46PM -0000, 6cnf6cp02 <at> sneakemail.com wrote 0.7K bytes in 10 lines about:
: I want to provide basic free anonymous blogging services using Tor's hidden services. Are there any
tutorials for this, apart from the basic setup information on Torproject.org? More specifically, how
can I stop my users from identifying my server? What do I have to pay attention to?
There is no tutorial that I know of. Each piece of software has
different concerns and configurations to protect both your and your
: How can I block connection attempts by Apache using my external network interface, eg. if the users
execute scripts that contact external addresses? What information is exposed by environment
variables, and how can I stop the user from reading them? For example, can I modify timezone/timestamps to
obfuscate my server location?
Just some thoughts. Run apache on localhost. Set the system time to UTC.
Check the 404 page and such so that it doesn't give out the hostname.
Run apache in a jail, etc. Run the jail/vm on a system without a public
IP; such that if someone does break apache, they find the IP address is
192.168.1.2 (or some other RFC1918 scheme).
: What settings do I have to change to fully remove Apache's IP logging to protect my users?
Disable access logging.