How to Host a Site on the Dark Web
Introduction
In this article we will be setting up a server that will host a website on the Dark Web. We will be using Tor Hidden services for this purpose. and a static website for simplicity and security.
Also all the following was tested on a remote server running Ubuntu 18.04 LTS. The server is properly secured and hardened for production use. Also i will be assuming that you have a basic familiarity with the Dark Web and you already have the Tor Browser installed, Tails, or even a Brave browser Private window with Tor.
Installing Tor
You can search for the tor package in the default repositories of Ubuntu, by running :
sudo apt update
sudo apt show tor
Output :
Package: tor
Version: 0.3.2.10-1
Priority: optional
Section: universe/net
Origin: Ubuntu
...
As you can see the tor package is not reliably updated. Luckily for us the Tor project maintains their own repository. so we will add that repository.
To add the Tor project repository, open your source list at /etc/apt/sources.list :
sudo nano /etc/apt/sources.list
Add the following :
deb https://deb.torproject.org/torproject.org bionic main
deb-src https://deb.torproject.org/torproject.org bionic main
Then add the gpg key used to sign the packages by running the following commands at your command prompt:
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
They also provide a Debian package to help you keep our signing key current. It is recommended you use it. Install it alongside with Tor it by running the following commands:
sudo apt update
sudo apt install tor deb.torproject.org-keyring
The Tor Hidden Service
Now we need to edit the Tor configuration file to enable the hidden service. But first we will make a backup of this configuration file.
sudo cp /etc/tor/torrc /etc/tor/torrc.bak
Next we need to edit the configuration file.
sudo nano /etc/tor/torrc
By default all Tor client services, relays, and hidden services are commented out and disabled. Let’s activate the hidden service. Find the section for hidden services. It will look something like this.
############### This section is just for location-hidden services #######
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
Uncomment the following lines by removing the # at the beginning :
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
The Hidden services section should look something like :
############### This section is just for location-hidden services #########
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:2
Now restart the Tor service :
sudo systemctl restart tor
Few files should be generated in /var/lib/tor/hidden_service/ directory, a hostname file, and a private_key
Open it up to get your .onion address. :
sudo nano /var/lib/tor/hidden_service/hostname
My address was uhs5lbrjzbbtcsmx.onion
The private_key file conatins your private key, you should make a backup of it and keep it secure.
It should look similar to this.
-----BEGIN RSA PRIVATE KEY-----
ENzZ/c1aKAwslQ/WwLjd9rRh4rfK74887uS+Thb3ggnVDc+GKHBlJcdwsawaslVR
Y5Zvo95atYIHigGHR1QCbZ1GCBt4YebLcCBrNG1zsDoDEbxu4MqcdewsccewsSad
VB+0dntEJ2CDciHz6lnSvz9VJoWA8m5PNlC4ITZ+v1prQIDAQABOLbdxswecewwA
AoGBAKCCPCFmUE8HS492qzqqwy3wxfpvf4l5RHCgHK3in1efGZd1+kQLeHiu2ZF1
Vv+0mtWF3eDUy7g0oDluck1337Haxor1FcoKGEgpCXtVnOuEnEJEn/K+dFsxFYBd
AUuZ61yOC7cWySAJA1pi5CtJQm1aH10IxyNYg9kjOPbEiIjBAkEA3UtXwwTxHWLZ
hvcBLzM3uQ31CK93HKar40DyYmlOHZfHPhzgwjr3gwbAjqKnx0AXcnBuhy1gwwW8
U4V6yDSNyrqfiYcMPCYVEKZV/ebmBLW0BWOw+kimukGhGQ==
-----END RSA PRIVATE KEY-----
Installing Nginx
Nginx provides a server backend that can be more suitably hardened and secured against the potential threats against a hidden service, although Apache or other HTTP server software can certainly work. Just make sure that it's bound to 127.0.0.1 to prevent discoveries through services such as Shodan.
To install nginx simply run :
sudo apt install nginx
Your server must be running a firewall. By default Ubuntu has a firewall named UFW and we will be using it.
The following command will allow HTTP traffic.
sudo ufw allow 'Nginx HTTP'
Visit your server’s IP address to verify that the web server is operational.
If things are working correctly, remove this rule. Then reload the firewall.
sudo ufw deny 'Nginx HTTP'
sudo ufw reload
Nginx configuration
Edit the main Nginx configuration file to disable undesirable information sharing :
sudo nano /etc/nginx/nginx.conf
Inside the http block add the following:
server_name_in_redirect off;
server_tokens off;
port_in_redirect off;
sudo systemctl restart nginx
Web Server Root Directory
Make a directory to hold our files for the web server.
sudo mkdir /var/www/dark_web
Make and edit an index.html file for your site for testing purposes.
sudo nano /var/www/dark_web/index.html
Inside just put anything. We don’t need actual html, just something for right now.
Welcome to my dark web page
Set the permissions so that Nginx can access the files.
sudo chmod 755 /var/www/dark_web
Remove Nginx Default
Remove the default site.
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
Add Available Site
Make a new site in the sites-available directory.
sudo nano /etc/nginx/sites-available/dark_web
Inside add the following replacing the root and server_name values for your instance.
server {
listen 127.0.0.1:80;
root /var/www/dark_web/;
index index.html;
server_name uhs5lbrjzbbtcsmx.onion;
}
Add this site the the site_enabled.
sudo ln -s /etc/nginx/sites-available/dark_web /etc/nginx/sites-enabled/
Then restart the Nginx server.
sudo systemctl restart nginx
Conclusion
Now you have a site on the Dark Web. Any files in the /var/www/dark_web will be available on the Tor network. the static site generator should output to this folder.