Tor Hosting

From Leo's Notes
Last edited on 31 August 2015, at 05:59.

A Tor Hosting company.

Requirements[edit | edit source]

An automatic, self sustaining hosting company based on the Tor anonymity network will depend on the following hard requirements:

  • Ability to accept payments using cryptocurrencies such as bitcoin
  • A customer portal panel for support, billing, and communication
  • Control panel to:
    • Manage MySQL databases
    • Monitor bandwidth
    • Monitor disk usage
    • Manage files (via FTP?)
  • Automatically handle account creation, involving:
    • Creating an account / directory
    • Configuring web server such as apache to listen on a unique port for a specific directory
    • Creating a Tor hidden service (generating private key, create :80 -> webserver:unique-port
    • Configure FTP account

Design[edit | edit source]

Website Front[edit | edit source]

A separate hidden service for the website and control panel. This should be on a separate server from the actual content server.

Backend Server[edit | edit source]

Watches for bitcoin transactions. Updates database records accordingly.

Content Servers[edit | edit source]

Accounts are created remotely on content servers. The control panel should not have direct write access to files except through FTP (using the user's credentials).

Account creation, password resets, termination, are sent through a message queue and processed.

Individual Account Features[edit | edit source]

  • FTP/SFTP access
  • Backup option
  • PHP 5
  • MySQL
  • Access logs?
  • Monitor bandwidth, disk usage

Accounts should not be able to:

  • See other users
  • List home directories
  • Port scan internal network
  • Create TCP connections elsewhere
  • Fork bomb server or interrupt other users.
    • This means user-process PHP is required

Other Hosting Providers[edit | edit source]

Freedom Hosting II[edit | edit source]

Freedom Hosting II's PHP configuration disallows the following:

pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,dl,fsockopen,pfsockopen,mail,virtual,link,symlink,putenv,popen,exec,passthru,proc_open,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_terminate,socket_accept,socket_bind,socket_clear_error,socket_close,socket_cmsg_space,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_import_stream,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_recvmsg,socket_select,socket_send,socket_sendmsg,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,ini_set

All sites are placed in /home/domain.onion/ with no option to change the domain.

See Also