Want to be heard and can’t register a domain?

Back when I had dial-up internet, I used to host stuff on my computers and give my public IP to friends so that they could enjoy or make use of, what I had to share. Back then there wasn’t any Facebook, hi5, orkut, or any chat mobile apps. The only cool thing we had was IRC (\\// Live long and prosper). I felt so empowered that I could host something on my computer and share it with friends, ok, so what if I got DOSed (denial of service), many times and my computer froze because, well I had windows 98 installed. That was the time when “Ping of death” was a thing. Good times though. Coming back to the topic, as I mentioned that I could host stuff online and ask people to connect to my IP, well the bandwidth was very poor so that model didn’t work so well, and did I mention, I got DOSed, many times. Nowadays, there are a lot of online services, free website hosting like “110mb.com, wordpress.com, blogger.com, etc”. Many people use these services and are super happy with it.

Sometimes you want to share something and want to keep it on your own computer. How do you do that? Well, some of you might say: “We have a DSL/Fiber connection, we can setup reverse NAT and we are good to go”. My answer to them is that what if your public IP changes? That becomes a problem! I recently saw this television program about Darknet and how only bad people use it and if you are a criminal, then you are on a Darknet. Well, all this is quite dramatic to be honest. Yes, criminals use it, but it wasn’t designed for them, they use it because of the anonymity features.

To solve the above mentioned problem, TOR can be used. Yes, TOR is an anonymizing software and can be used to host websites or any kind of service. There are some very simple steps to set it up. You can set it up on your computer or a raspberry pi. Follow the simple steps to install a hidden service:

  1. Install TOR, apt-get install tor
  2. Edit Tor configuration file: nano /etc/tor/torrc
  3. Find the section with hidden services and edit: HiddenServicePort <port on onion> 127.0.0.1:<mapped internal port>
  4. Setup a hidden service directory and add it to the config file </blah/hidden_service/>. Chmod it to 700 (Some times TOR complains about lose permissions)
  5. Run tor.. Get the onion domain name from the hostname file.
  6. Have fun!!!!

Once it is setup you can see your .onion domain name in the hostname file, but to access it you have to be in TOR network, but there is some good news as well, you can access it from the internet as well, via Tor2web. It is rather simple, really, if you have a domain, “myblahblahblahdomain.onion”, you just add a “.to” to the end and you are good to go. So, the end URL would be: “http://myblahblahblahdomain.onion.to/”.

That is it, you are good to go and enjoy your free hosting.

Anonymous Proxies , a menace for hackers & innocent users

hey every body !

People usually hear that anonymous proxies should be banned because hackers use these to compromise systems. On the other hand proxies can be used to anonymously  surf  the internet. This is pretty comforting i know but we should all watch our step.

xc0re_eff_tor

TOR (The Onion Router) , is a free software used for anonymity by almost every body nowadays. It is nearly impossible to trace a user  , once it starts using TOR ! It looks pretty awesome but it has a vulnerability or a weakness !

The weakness is the Exit-node sniffing problem.

htw1
In the above picture taken from Tor official Website
Alice wants to communicate anonymously with bib what would happen is that her traffic would be routed through the TOR network , exiting from the other side and reaching its destination that is BOB in this case. Now the until a packet reaches the last node of the TOR network or the Exit Node , the packet is encrypted but ass soon as it reaches the exit node it is converted to plain text , At that point if a hacker owns that exit node and simply runs a sniffer , he/she can get alot of info on the user. . Even FBI or Law enforcement agencies can use this trick to get a lead on the hackers. Many hackers and agencies are using this technique presently.