Thousands of dark websites deleted in attack on free hosting service – Naked Security

One of the most popular dark web hosting services, Daniel’s Hosting (DH), has been taken down. Again.

Daniel Wizen, the German software developer who runs DH, said that this time the free hosting service provider is kaput… at least for the foreseeable future… which he also said, more or less, the last time, in September 2018, when hackers wiped out 6,500 Dark Web sites in one fell swoop.

Wizen acknowledged the attack in an article on the hosting provider portal, claiming that the recent attack happened last Tuesday – March 10 – in the early hours of the morning. At least that’s when all the databases associated with dark website hosting were taken down.

DarkOwl – a darknet intelligence, tools, and cybersecurity service that monitors DH and other Dark Web activity and analyzed the September 2018 breach – spotted Wizen’s post and shared it on Twitter on March 10. This is the same day that Wizen says his hosting database was destroyed.

As Wizen relates, he found out that a new database had been created with user permissions. There isn’t much he can do with it, however: without his hosting database, he can’t figure out who the attackers are and how they got full permissions on the platform.

According to ZDNet, the attack destroyed 7,600 sites. Wizen says he’s not entirely sure when it happened, or who did it. If anyone has any ideas about the vulnerability that could have led to the attack, or ideas for future releases or feature requests, he invited them to share their comments on his open source project.

Wizen also invited his supporters to participate in his efforts, an invitation that suggests he will likely resurrect the hosting provider at some point. For now, he’s sick of it, he says. He gives his time freely, on top of his full-time job. It takes time, he said, especially given the work involved in “keeping the server free from illegal and fraudulent sites.”

I spend 10 times more time deleting accounts than I can find time to continue development. At the moment, I have no plans to continue with the hosting project, but that must not be the end.

How clean are Daniel’s Hosting servers? When DarkOwl analyzed the sites demolished during the 2018 attack, its analysts found that out of 6,500 sites, the world had lost the following – not all of which you would call “I would eat off this plate” clean:

  • 657 hidden services had the title “Site hosted by Daniel’s hosting service” and nothing else (but may have been used for something other than serving web content).
  • 457 hidden services contained content related to hacking and / or malware development.
  • 304 were classified as forums.
  • 148 were discussion forums.
  • 136 included drug-specific keywords.
  • 109 contained content related to counterfeiting.
  • 54 specifically mentioned carding information.
  • Over 20 referred to weapons and explosives.

DarkOwl says stay tuned: it’s currently preparing an analysis of what the Dark Web lost in last week’s attack on DH.

Of course, not all Dark Web sites are devoted to illegal activity. Some are there for the privacy conscious and / or for those who live in areas of strict government censorship and repression.

According to ZDNet, by design, the hosting service does not keep backups. Wizen believes the attack only affected the main database account, not the accounts of users who hosted sites on his platform. Still, he said, users should “treat all data as leaks” and change their passwords if they reuse them on other sites. Which, of course, underscores the fact that none of us should reuse passwords, whether we’re political dissidents or engaging in more unsavory activities (although we do have a hard time feeling sympathy for them if their credentials are hacked).

Better safe than sorry, says Wizen – especially since he hasn’t had much time to figure out what exactly happened:

[As] I am currently very busy with my day to day life and other projects, I have decided not to spend too much time investigating.
