Best Hidden Service web server?
What is the best web server for hidden service? Are any containing exploits that can reveal IPs, or maybe even in the 404 pages etc? -- Jerzy Łogiewa -- jerz...@interia.eu -- Pobierz i zagraj - gry czekaja na Ciebie! Sprawdz http://linkint.pl/f28dd *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Best Hidden Service web server?
Jerzy Łogiewa wrote: What is the best web server for hidden service? Are any containing exploits that can reveal IPs, or maybe even in the 404 pages etc? -- Jerzy Łogiewa -- jerz...@interia.eu http://www.acme.com/software/thttpd/ http://www.acme.com/software/mini_httpd/ http://www.acme.com/software/micro_httpd/ (~200 lines of code) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Best Hidden Service web server?
Dirk wrote: Jerzy Łogiewa wrote: What is the best web server for hidden service? Are any containing exploits that can reveal IPs, or maybe even in the 404 pages etc? -- Jerzy Łogiewa -- jerz...@interia.eu http://www.acme.com/software/thttpd/ http://www.acme.com/software/mini_httpd/ http://www.acme.com/software/micro_httpd/ (~200 lines of code) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Is it a bad idea to use an apache for a hidden serice? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Best Hidden Service web server?
Orionjur Tor-admin wrote: Dirk wrote: Jerzy Łogiewa wrote: What is the best web server for hidden service? Are any containing exploits that can reveal IPs, or maybe even in the 404 pages etc? -- Jerzy Łogiewa -- jerz...@interia.eu http://www.acme.com/software/thttpd/ http://www.acme.com/software/mini_httpd/ http://www.acme.com/software/micro_httpd/ (~200 lines of code) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Is it a bad idea to use an apache for a hidden serice? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ i don't know... apache is quite bloated.. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Cookie Mismatch when using Gmail.
I wonder if any kind soul can help. My understanding is that this conflict between aspects of Gmail and Torbutton is hardly unique to me. On 05/01/11 11:25, Matthew wrote: More information appended at the end. I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions http://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com http://www.google.com* to your list of allowed sites. Learn more http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 To add some more information: Vidalia + NoScript does not present any cookie issues. I can access Account Settings. The problem is when TorButton is used. I then used TorButton's preferences to remove all the protections by unticking as much as possible (effectively making TorButton worthless). I still get the same error! I rebooted and cleaned the cache and cookies and still I cannot access the Account Settings aspect of Gmail. It is as if TorButton per se is the issue irrespective of any security settings it uses. In my Firefox cookie section I have cookies for mail.google.com that read: GX, GXSP, gmailchat, TZ, GMAIL_AT, and S. Yet Gmail still claims that cookies are not installed. I did an about:cache and then searched for torbutton. There were about 100 entries which include: extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true I did change regen_google cookies to true but this did not change anything. Perhaps one needs to change certain entries in about:config to affect TorButton's interactions with Gmail? Any ideas from TorButton developers? Thanks.
Re: Cookie Mismatch when using Gmail.
Thus spake Matthew (pump...@cotse.net): I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Vidalia + NoScript does not present any cookie issues. I can access Account Settings. The problem is when TorButton is used. I then used TorButton's preferences to remove all the protections by unticking as much as possible (effectively making TorButton worthless). I still get the same error! I rebooted and cleaned the cache and cookies and still I cannot access the Account Settings aspect of Gmail. It is as if TorButton per se is the issue irrespective of any security settings it uses. In my Firefox cookie section I have cookies for mail.google.com that read: GX, GXSP, gmailchat, TZ, GMAIL_AT, and S. Yet Gmail still claims that cookies are not installed. I did an about:cache and then searched for torbutton. There were about 100 entries which include: extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true Try changing this last setting (extensions.torbutton.xfer_google_cookies) to false. It is designed to try to move your google cookies from one domain to another to avoid requiring you to solve captchas for every google country domain. It could be breaking something in the signon process, especially if you get redirected to/from a country domain during login (by using a german exit, for example). -- Mike Perry Mad Computer Scientist fscked.org evil labs pgp37IP4lHjb8.pgp Description: PGP signature
Re: Index of hidden services?
The second some kind of automation starts kicking in, scanning for hidden services, I think this is a Bad Idea. scanning 36^16 possible hidden services is out of discussion... It's actually 32^16. Considering 10k nodes processing 1 per second would only take 3.9 trillion years to search port 80... The second some kind of automation starts kicking in, scanning for hidden services, I think this is a Bad Idea. ... I still would love it if the authorities receiving the hidden service descriptors would just dump them out in OnionLand for all to see. I'd consider it a bona fide and very welcome service to the community. HINT ;-) At least until Tor went full DHT. HINT ;-) For which the nodes would just dump their own views of same. It's up to the onion operators to permit or allow onion access. Nothing different than on the regular internet. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Uid in Url?
Oddly enough when I went to the Fastmail.fm website I found this in part of the Url- ;Uid=631627de6168acc511ca!1293770632;MSignal=LN-Main*N-1*logout Is that identifying my hard drive Uuid? -- http://www.fastmail.fm - A no graphics, no pop-ups email service *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Best Hidden Service web server?
Original Message From: Orionjur Tor-admin tor-ad...@orionjurinform.com Is it a bad idea to use an apache for a hidden serice? Not at all. I'm actually recommending it over any other because it's complex and has a lot of traps for you to fall into. That sounds ridiculous right? No it isn't, because that will force you to learn it and secure it, instead of just relying on a simple and easy to use webserver without having any intention of learning anything about security. Security should be your main concern and main focus as a hidden service operator, not taking the easy route and then lay back and think that your safe just because you installed a simple and lightweight webserver. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Best Hidden Service web server?
hi...@safe-mail.net wrote: Original Message From: Orionjur Tor-admin tor-ad...@orionjurinform.com Is it a bad idea to use an apache for a hidden serice? Not at all. I'm actually recommending it over any other because it's complex and has a lot of traps for you to fall into. That sounds ridiculous right? No it isn't, because that will force you to learn it and secure it, instead of just relying on a simple and easy to use webserver without having any intention of learning anything about security. Security should be your main concern and main focus as a hidden service operator, not taking the easy route and then lay back and think that your safe just because you installed a simple and lightweight webserver. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ hahaha... that's what they (apache docs team) replied when i told them their documentation is shit and was comparing it to php docs which are intuitive and awesome... asked them to add a example .htaccess for every damn variable/command they have with a red frame around it... they said their docs are so shitty to discourage noobs who would taint apaches reputation... xD *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/