On Thu, Dec 18, 2008 at 06:24:46PM -0000, [email protected] wrote 0.7K 
bytes in 10 lines about:
: I want to provide basic free anonymous blogging services using Tor's hidden 
services. Are there any tutorials for this, apart from the basic setup 
information on Torproject.org? More specifically, how can I stop my users from 
identifying my server? What do I have to pay attention to?

There is no tutorial that I know of.  Each piece of software has
different concerns and configurations to protect both your and your
users anonymity.  


: How can I block connection attempts by Apache using my external network 
interface, eg. if the users execute scripts that contact external addresses? 
What information is exposed by environment variables, and how can I stop the 
user from reading them? For example, can I modify timezone/timestamps to 
obfuscate my server location?

Just some thoughts.  Run apache on localhost.  Set the system time to UTC.
Check the 404 page and such so that it doesn't give out the hostname.
Run apache in a jail, etc.  Run the jail/vm on a system without a public
IP; such that if someone does break apache, they find the IP address is
192.168.1.2 (or some other RFC1918 scheme).

: What settings do I have to change to fully remove Apache's IP logging to 
protect my users?

Disable access logging.

-- 
Andrew

Reply via email to