Log in or Sign up

Misconfigured Apache Servers Leak Details About Tor Traffic

Discussion in 'privacy technology' started by Minimalist, Jan 31, 2016.

Minimalist Registered Member

Joined:

Jan 6, 2014

Posts:

14,885

Location:

Slovenia, EU

A default setting left unmodified in Apache Web servers can reveal details about Tor traffic handled through that particular server.
Click to expand...

http://news.softpedia.com/news/misc...s-leak-details-about-tor-traffic-499664.shtml

Minimalist, Jan 31, 2016

#1
mirimir Registered Member

Joined:

Oct 1, 2011

Posts:

9,252

That's another good reason to use separate Tor gateways, as Whonix does. The webserver etc are bound to the server's LAN IP address, not localhost. And onion services in the gateway Tor client point to that server's LAN IP address. Everything in the server bound only to localhost stays private.

mirimir, Jan 31, 2016

#2
lotuseclat79 Registered Member

Joined:

Jun 16, 2005

Posts:

5,390

Default settings in Apache may decloak Tor hidden services

World's most widely used Web server often displays geographic locations of Tor sites.
Click to expand...

-- Tom

lotuseclat79, Feb 1, 2016

#3
mirimir Registered Member

Joined:

Oct 1, 2011

Posts:

9,252

Another point: Never use Apache for onion sites. Nginx or lighttpd.

mirimir, Feb 1, 2016

#4

(You must log in or sign up to reply here.)

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...