Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet Technology

Popular Dark Web Hosting Provider Got Hacked, 6,500 Sites Down (zdnet.com) 104

Daniel's Hosting, one of the largest providers of Dark Web hosting services, was hacked this week and taken offline, ZDNet reports. From a report: The hack took place on Thursday, November 15, according to Daniel Winzen, the software developer behind the hosting service. "As per my analysis it seems someone got access to the database and deleted all accounts," he said in a message posted on the DH portal today. Winzen said the server's root account was also deleted, and that all 6,500+ Dark Web services hosted on the platform are now gone. "Unfortunately, all data is lost and per design, there are no backups," Winzen told ZDNet in an email today. "I will bring my hosting back up once the vulnerability has been identified and fixed."
This discussion has been archived. No new comments can be posted.

Popular Dark Web Hosting Provider Got Hacked, 6,500 Sites Down

Comments Filter:
  • No backups?! (Score:4, Informative)

    by fbobraga ( 1612783 ) on Monday November 19, 2018 @02:32PM (#57669560) Homepage

    all data is lost and per design, there are no backups Wow

    • Re:No backups?! (Score:5, Insightful)

      by Tuidjy ( 321055 ) on Monday November 19, 2018 @02:35PM (#57669590)

      By design.

      I find it quite surprising, as well. It's easier to secure backups than it is to secure an Internet facing server... as the host learned, incidentally.

      I can't trust someone to make backups and store them safely, I probably would not I trust him host my server.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Pretty sure that they are trying to prevent a government from getting a court order to access their backup tapes, which would allow them access to all historical communications, etc... Much more information than they would keep on a running server.

        That said, they should plan on running the old hardware through a chipper-shredder and re-building on a completely different hardware and OS than they were running on before.

      • Re:No backups?! (Score:5, Insightful)

        by ShanghaiBill ( 739463 ) on Monday November 19, 2018 @03:00PM (#57669724)

        I find it quite surprising, as well

        You should not be surprised. This is the dark web. If backups are made, they can be subpoenaed.

        I can't trust someone to make backups and store them safely, I probably would not I trust him host my server.

        You are missing the point. His customers are looking for someone they can trust to NOT make backups.

        Anyway, good luck to Daniel and his customers. As long as we have overreaching governments grasping for power, we need the anonymity and secrecy of the dark web. Hopefully someday their activities can be done openly.

      • One of the selling points is that he did not take backups, so the data never left the root account.

        However, what he should have done, assuming he was using AWS, was at least pop snapshots on a daily/weekly/monthly level, with a guarantee that they would be deleted, perhaps with code that deletes the snapshot of a client VM when the client deletes the snapshot, using crypto keys to ensure the data is not readable.

      • by Luckyo ( 1726890 )

        Dark Web hosting is by definition of the kind you don't want any backups of. This is about securing backups against a government entity with court backup. Not against "random hackers".

        And it's much harder to secure backups against such entity, requiring a completely different approach. You're thinking securing against hackers. That's a completely different game compared to one they're playing.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      It's dark web you nutsack, they deliberately do not make backups.
      "Wow"

    • by bob4u2c ( 73467 ) on Monday November 19, 2018 @03:06PM (#57669752)
      Just contact the CIA, I'm sure they have a few backups.
    • by Anonymous Coward

      It's a dark net hosting site, the policy makes perfect sense.

    • by Anonymous Coward

      Who would be dumb enough to back up the content of thousands of kiddy porn sites?

    • no backups Wow

      Just one phrase: Bookie Flash Paper.

      "The days of guys writing bets on flash paper so they could burn everything when the cops busted in are long gone," [nytimes.com] But I guess that was before most of y'alls time.

      Believe it or not, there's are times where you WANT to lose your data.

      Oh, and speaking of old phrases, does anyone remember: "If anyone says they're from the government and here to help you, run"? Now-days it seems more like a demand rather than a joke.

  • by PPH ( 736903 ) on Monday November 19, 2018 @02:34PM (#57669570)

    ... where Bobby Tables went to work after graduating.

  • If they had merely created a backdoor account and given the FBI access, I'm certain that the server would have been seized and a shitload of arrests would have happened. There is no way he was hosting 6500 darkweb sites without lots of them being highly illegal.

    • by Anonymous Coward

      Empirical proof > Circumstantial evidence > Implicating factors > Psychic intuition > steaming pile of dogshit > Your as-yet unfounded opine

  • Dark web host (Score:4, Insightful)

    by PPH ( 736903 ) on Monday November 19, 2018 @02:44PM (#57669636)

    Big Red Button next to the front door. 'In the event of a search warrant, press"

  • Considering how linked the two are, I expect people are cashing out their ill gotten coins as fast as possible.
  • by fredrated ( 639554 ) on Monday November 19, 2018 @02:51PM (#57669686) Journal

    went dark. Oh the irony.

  • Let me guess, hacker router his connection through the dark web? :D
  • Perhaps one-way is the wrong term, perhaps "Postbox"-Backups are a better term?

    I mean, we have the tools to create a public & private key used for asymetric encryption.

    With my public-key I can encrypt data and without the private key this data can't be decrypted?

    How to use these keys in backup and restoration?
    So when I would generate such a key-pair and put the public key into the backup service of this hosting provider, the data could be backed up and gets encrypted with the public-key. But nobody exce

  • by DogDude ( 805747 ) on Monday November 19, 2018 @05:29PM (#57670582)
    Why do so few people set up web servers at home? It ain't rocket science. It can be done on *any* computer. Really. Unless you're hosting something really huge or something that gets a huge amount of traffic, just fire up any old PC, install a web server, and you're done. Do your own backups (drag and drop folders, if you're too clueless to schedule something). People used to do it all of the time, back when setting up things like web and FTP servers were more complicated than it is now. It's100% free, and if you're doing something sketchy, you've got 100% control of your own files and your own backups.
    • Most ISPs require a business class contract to have a server. Here that is a min of $350/mo for 50/5.

      • Most ISPs require a business class contract to have a server. Here that is a min of $350/mo for 50/5.

        Wow!. I agree with your first sentence. I had to switch to a business class contract to get a public facing IP address. I had the choice of paying 59EUR for a 250/10 consumer connection or ... 62EUR for a 250/40 connection with 2 IP addresses with each additional IP a few eur per month.

        You're being fleeced. But then you knew that already.

    • Why do so few people set up web servers at home?

      Last I checked there were 7 billion people in the world and roughly half that many IPv4 addresses. This means each IPv4 address will, on average,* correspond to more than one home subscriber. Thus ISPs in many countries put each neighborhood behind a carrier-grade network address translation (CGNAT) device [wikipedia.org], which allows a hundred or so to make outgoing connections on the same IP address. But a device behind CGNAT cannot receive incoming connections because the CGNAT does not know to whom to forward the conn

      • I had this problem, so I pay my ISP 3eur / month more to get a business connection. I also get an additional 30mbit upload bandwidth for that.

        • by tepples ( 727027 )

          The United States and whatever EU member state you live in have a larger-than-average allocation of IPv4 addresses per thousand people. In some places, an IPv4 address costs a lot more than 3 euros per month. It's much more expensive to get your own IP in somewhere like Myanmar, as Bert64 reported [slashdot.org]: First you have to buy a business license, as none of the ISPs in a given city will sell a business connection to an individual. Then your business is placed behind CGNAT unless you lease individual IPv4 addresses

          • Being a registered business is also a hurdle that is different in different countries.

            I have a registered business in Australia. It cost me the time it took to fill out a form, and that gave me an assigned name an business number from the tax department. Just like in Australia you need to be a registered business to get a domain name, it's a hurdle that has stopped no one.

            Funny side anecdote: every other person is their own registered business due to the tax benefits you can get from it. A classic case was

    • It's100% free, and if you're doing something sketchy, you've got 100% control of your own files and your own backups.

      People with technical knowledge who are doing sketchy things like to host their stuff on other people's home servers, often on their router (which has firmware that hasn't been updated in years).

    • by Bazar ( 778572 )

      As someone who's done home email servers, webhosting, phones, the lot
      The age of running web services from your home connection has passed.

      If you try to run emails out of a home connection, either your ISP will block by default port 25 used for sending emails, or your ip address will be blacklisted by any and every spam filter system out there.
      Even if you're ISP is good and unblocks you, you'll still likely hit some spam filters.

      As for security, do you really want to go to the hassle of applying security upd

  • Just Dark Web? Imagine subpoenas for backups of 4chan's /b/ *the horror
  • by sad_ ( 7868 )

    now i know what to tell my boss the next time there are no backups.
    it's by design!

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...