On Fri, Aug 31, 2018, 19:59 Micah Lee <[email protected]> wrote: > On 08/30/18 08:33, Jason S. Evans wrote: > > Hi all, > > > > How can I best audit an onion service to make sure that my IP can not > > easily be compromised? Is there a list of things to do to try to hack my > > own site to try to find the IP? > > In addition to what everyone else said, there's also a pretty awesome > tool called OnionScan which will scan http onion services looking for > leaks -- IP address, but also things like exif metadata in jpegs it finds. > > I used this on the onion site version of https://onionshare.org and it > discovered that I had apache2's mod_status enabled which was leaking the > real IP address of the server. > > Here's the website: > https://onionscan.org/ > > Here's the code, along with build instructions (it's written in golang): > https://github.com/s-rah/onionscan
sweet! I just finished to port OnionScan for FreeBSD, and should be in the tree soon; https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231508
_______________________________________________ tor-onions mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
