DarkModus
›
Discussion
›
Technology
›
[TUTORIAL] How to setup a .onion (tor) website and protect youself from breaches
[TUTORIAL] How to setup a .onion (tor) website and protect youself from breaches
Posted 7 months ago by Deadsh0t
Posted 7 months ago by Deadsh0t
7 months ago
FIRST OF ALL IF THIS IS NOT ALLOWED PLEASE DELETE THIS POST
So i wanted to share how to setup a deepweb website and have it as secure as possible.
What youll need:
NOTE: YOU DONT NEED TO HAVE ANY PORTS OPEN NOT EVEN PORT 80 YOU CAN DO THIS ON ANY REGULAR INTERNET CONNECTION
-running web server preferably on ubuntu or debian (google how to install lamp if you dont know how to host websites)
-apache isnt the 1 you must choose but it is the easiest to configure
-A good concept![[Image: 68747470733a2f2f73332e63612d63656e747261...652e706e67]]()
-Really basic linux skills
Step 1: Install tor you can do this on debian/ubuntu distributions by typing
for arch linux
and for centos/rhel:
Step 2: generate onion domain:
Step 3: check your onion domain:
(the folder hidden_service also creates a private key that can be used to
transfer your onion domain to a new server)
Step 4: make the onion domain known to apache:
and add this to end of file
after this restart apache sudo systemctl restart apache2
step 5: create content directory (to place the website files):
you can place all your website files into /var/www/hidden_service
Step 6:Test your tor website by copying your address into the tor browser
Were not done yet now were going to take some security measures
step 1 disable server info :
this disables the info
step 2 disable server status:
contains server info we dont want anyone to know
normally this is only for localhost to access
but when someone accesses our tor site .onion it acts as localhost
There you go you now have your very own deepweb website
BUT REMEMBER A CHAIN IS AS STRONG AS ITS WEAKEST LINK
UPDATE For people who want to use nginx , nginx is a lot lighter and sometimes faster than apache ( thanks @Sweets for the addition
):
With regards to #4, should you so choose to use NGINX, your configuration will look as such
This configuration will likely be located in /etc/nginx/sites-available, with the same name symlinked to the previous path at /etc/nginx/sites-enabled. I'm not entirely certain of how one may disable localhost related information for an NGINX backend, though, since I've never needed to. That being said, it would be wisest to look into that, for users that are using NGINX.
Also, another addition, Arch Linux users can install tor with
So i wanted to share how to setup a deepweb website and have it as secure as possible.
What youll need:
NOTE: YOU DONT NEED TO HAVE ANY PORTS OPEN NOT EVEN PORT 80 YOU CAN DO THIS ON ANY REGULAR INTERNET CONNECTION
-running web server preferably on ubuntu or debian (google how to install lamp if you dont know how to host websites)
-apache isnt the 1 you must choose but it is the easiest to configure
-A good concept
-Really basic linux skills
Step 1: Install tor you can do this on debian/ubuntu distributions by typing
Code:
sudo apt-get install torfor arch linux
Code:
sudo pacman -S torand for centos/rhel:
Code:
yum install epel-release
yum install torStep 2: generate onion domain:
Code:
edit /etc/tor/torrc (you can do this by typing nano /etc/torrc)and uncomment
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
sometimes this is commented so uncomment it and restart tor using systemctl restart tor
Step 3: check your onion domain:
Code:
cat /var/lib/tor/hidden_service/hostname(the folder hidden_service also creates a private key that can be used to
transfer your onion domain to a new server)
Step 4: make the onion domain known to apache:
Code:
edit /etc/apache2/sites-available/000-default.conf (nano /etc/apache2/sites-available/000-default.conf)
and add this to end of file
Code:
<virtualhost 127.0.0.1:80>
ServerName bvibfr576o4zpdr6.onion
ServerAdmin [email protected]
DocumentRoot /var/www/hidden_service
</virtualhost>after this restart apache sudo systemctl restart apache2
step 5: create content directory (to place the website files):
Code:
cd /var/www
sudo mkdir hidden_serviceyou can place all your website files into /var/www/hidden_service
Step 6:Test your tor website by copying your address into the tor browser
Were not done yet now were going to take some security measures
step 1 disable server info :
Code:
nano /etc/apache2/apache2.conf
ServerSignature Off
ServerTokens Prodthis disables the info
step 2 disable server status:
Code:
sudo a2dismod statuscontains server info we dont want anyone to know
normally this is only for localhost to access
but when someone accesses our tor site .onion it acts as localhost
There you go you now have your very own deepweb website
BUT REMEMBER A CHAIN IS AS STRONG AS ITS WEAKEST LINK
UPDATE For people who want to use nginx , nginx is a lot lighter and sometimes faster than apache ( thanks @Sweets for the addition
):With regards to #4, should you so choose to use NGINX, your configuration will look as such
Code:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/hidden_service
server_name bvibfr576o4zpdr6.onion;
}This configuration will likely be located in /etc/nginx/sites-available, with the same name symlinked to the previous path at /etc/nginx/sites-enabled. I'm not entirely certain of how one may disable localhost related information for an NGINX backend, though, since I've never needed to. That being said, it would be wisest to look into that, for users that are using NGINX.
Also, another addition, Arch Linux users can install tor with
7 months ago
(7 months ago)Sweets Wrote: This is completely allowed. There's nothing inherently related to hacking at all, so it's not against MyBB terms of usage. Which honestly we may just toss out the window anyways. In any case, I'm glad someone posted a tutorial. I'd also like to add that, in addition to what's been stated here, you may also supplement Apache with NGINX. All of the same steps still apply, save for #4.
With regards to #4, should you so choose to use NGINX, your configuration will look as such
Code:server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/hidden_service
server_name bvibfr576o4zpdr6.onion;
}
This configuration will likely be located in /etc/nginx/sites-available, with the same name symlinked to the previous path at /etc/nginx/sites-enabled. I'm not entirely certain of how one may disable localhost related information for an NGINX backend, though, since I've never needed to. That being said, it would be wisest to look into that, for users that are using NGINX.
Also, another addition, Arch Linux users can install tor with
Code:sudo pacman -S tor
thanks for your addition
added it and changed some thingsUsers browsing this thread: 1 Guest(s)
© MMXIX
