Hi, I noticed a while ago that there is a clone onion site for Ahmia. Now I realized that someone is actually generated similar onion domains to all popular onion sites and is re-writing some of the content.
For instance, REAL Ahmia: http://msydqstlz2kzerdg.onion/search/?q=duckduckgo FAKE Ahmia: http://msydqjihosw2fsu3.onion/search/?q=duckduckgo Look carefully and notice the difference: REAL DDG: http://3g2upl4pq6kufc4m.onion/ FAKE DDG: http://3g2up5afx6n5miu4.onion/ It seems that the situation is this: The unknown attacker tries to direct users to these fake sites. The attacker is running multiple onion addresses similar to the popular onion addresses. These sites are actually working as a transparent proxy to real sites. However, the attacker works as MITM and rewrites some content. It is possible that the attacker is gathering information, including user names and passwords. I did some data mining and comparison with Ahmia.fi and seems to be that there are at least 255 fake mirror sites. See the list http://pastebin.com/iHPwhCeH Greetings, Juha -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
