A year of hosting an onion site
A short story detailing my experiences with hackers, SIGINT and the inherent depravity of humankind. In truth though, this story may lack all the aforementioned ingredients.
The lonely onion
A year ago I decided to offer my visitors “absolute” privacy in the shape of a Tor hidden service. Believing others were as fed up as myself with the constant mining of our personal data, I was eager to see what kind of traffic my hidden service would receive.
Fast forward a year and I’ve come to realize that few people share my conviction, or perhaps connecting to the Tor network is just too much of a bother for most people. Whatever the cause may be, the result has been hardly any human traffic whatsoever. I get plenty of bots scraping the site though, but to what purpose I don’t know.
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:10 +0100] "GET /2017/04/hpkp-has-been-deployed/ HTTP/1.1" 200 5243 "-" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 350 5734
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:11 +0100] "GET /wp-content/themes/pureregression/style.css HTTP/1.1" 200 3458 "http://slackiuxopmaoigo.onion/2017/04/hpkp-has-been-deployed/" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 358 3924
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:11 +0100] "GET /wp-content/uploads/2017/04/HPKP-ssllabs-662x297.png HTTP/1.1" 200 17666 "http://slackiuxopmaoigo.onion/2017/04/hpkp-has-been-deployed/" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 352 18096
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:12 +0100] "GET /wp-content/themes/pureregression/images/frst.jpg HTTP/1.1" 200 113782 "http://slackiuxopmaoigo.onion/wp-content/themes/pureregression/style.css" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 360 114215
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:13 +0100] "GET /favicon.ico HTTP/1.1" 200 12014 "-" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 240 12445
The only IP address ever logged by the server is 127.0.0.1 (localhost). That leaves only the user-agent string as the “identifiable” part of the request. Even if I were to examine the network connections, all I would be able to discover are my entry guards.
Tor occasionally reports a large number of failing circuits, which could suggest an attack against me or my guard, but as the log says: most likely this means the Tor network is overloaded.
As for attacks against my webserver, those are few and far between and contain nothing new. Additionally, there are plenty of probes for my private_key, but I can’t really imagine a configuration where it would be accessible from the document root. I guess those probes originate from some service trying to discover horribly misconfigured onions.
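As an added example (not the author's own tooling), the following script parses the log format shown above, confirms that the client address carries no information, and groups private_key probes by user-agent, flagging any that were answered with a 2xx status. The probe paths, the ExampleScanner user-agent and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Line layout as shown on the page: vhost, client, ident, user, [time],
# "request", status, size, "referer", "user-agent", bytes-in, bytes-out.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<bytes_in>\d+) (?P<bytes_out>\d+)$'
)

# First line is from the page; the probe lines and the junk line are constructed.
SAMPLE_LOG = """\
slackiuxopmaoigo.onion 127.0.0.1 - - [04/Nov/2017:12:06:13 +0100] "GET /favicon.ico HTTP/1.1" 200 12014 "-" "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" 240 12445
slackiuxopmaoigo.onion 127.0.0.1 - - [05/Nov/2017:03:14:02 +0100] "GET /private_key HTTP/1.1" 404 209 "-" "ExampleScanner/1.0" 180 420
slackiuxopmaoigo.onion 127.0.0.1 - - [05/Nov/2017:03:14:03 +0100] "GET /hidden_service/private_key HTTP/1.1" 404 209 "-" "ExampleScanner/1.0" 195 420
this line is malformed and is skipped
"""

def parse(text):
    # Yield one dict per well-formed line; anything else is skipped.
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def key_probes(entries):
    # Match on the last path segment, ignoring any query string.
    hits = []
    for e in entries:
        parts = e["request"].split()
        path = parts[1].split("?", 1)[0] if len(parts) > 1 else ""
        if path.rsplit("/", 1)[-1] == "private_key":
            hits.append(e)
    return hits

def summarize(text):
    entries = list(parse(text))
    probes = key_probes(entries)
    return {
        "clients": sorted({e["client"] for e in entries}),  # only localhost behind Tor
        "probes_by_agent": dict(Counter(e["agent"] for e in probes)),
        # A 2xx answer to a probe would mean the key file really was served.
        "served": [e["request"] for e in probes if e["status"].startswith("2")],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An empty `served` list is the expected result; any entry in it means the hidden service key is reachable from the document root.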
To the future, and beyond
Ignoring the apparent lack of interest from my visitors, I still find running an onion site interesting and I plan to keep maintaining slackiuxopmaoigo.onion in the future.