# Vps webhosts that allow .onion (tor) sites?



## Suspook (Jul 19, 2015)

Do most webhosts allow this? I want to find a host that will allow legal .onion sites. I have a vps now but the company does not llike tor.


----------



## MannDude (Jul 19, 2015)

Best just to ask specific providers that you are interested in if you can host a .onion site or not. I'm not certain off the top of my head of any but any that would allow you to run Tor stuff will probably let you.


----------



## ChrisM (Jul 19, 2015)

Good Luck finding a company that will support TOR. Even if for legitimate use its in a companies best interest to just flat out not allow any part of it on their network.


----------



## William (Jul 20, 2015)

No one can know you host onion sites in a VPS - Just get a KVM VPS with anyone and do it there.



> Even if for legitimate use its in a companies best interest to just flat out not allow any part of it on their network.


Please stop spreading things you have no idea about, Middle nodes and Internal servers are not visible from the internet at all and untraceable to any ISP, thus there is no risk involved at all.


----------



## HalfEatenPie (Jul 20, 2015)

William said:


> No one can know you host onion sites in a VPS - Just get a KVM VPS with anyone and do it there.
> 
> Please stop spreading things you have no idea about, Middle nodes and Internal servers are not visible from the internet at all and untraceable to any ISP, thus there is no risk involved at all.


Honestly it's simple risk management.  As a client, by violating the provider's ToS and agreement, you take the full legal responsibility behind it.  It's not really what's allowed and what isn't, it's simply covering their butts to make sure they're not on the hook.

Now does it work 100% of the time?  Not really.  Can it (and does it) affect normal business?  Depends on how high risk it is (many variables involved).  But if for the service provider your server is confiscated because someone hosted a Cheese Pizza .onion site on it, well then you're out of a server (especially if it's a VPS node, then your clients are out of their servers as well) and the offending client doesn't have anything to lose (well...  besides probably an investigation).

Tor is honestly just that.  It's a high risk process that now certain providers have stopped allowing (via note on your service agreement) simply because they don't want their servers being raided by the police.  Not that Tor is only used for that but due to the nature of Tor (in my opinion anyways) it carries a slightly higher risk.

Use your head.  Use your own judgement.  If you want to break the Terms of Service and carry the entire legal responsibility behind it, then go for it.  

Also, if you set it up right then of course it's almost untraceable to any ISP (besides for increased bandwidth usage between other tor relay nodes).  But a single mistake could leak your IP and therefore make it traceable.  The software stack you have to configure and worth with to make it all work though can be such a pain in the butt that a single mistake may happen sooner rather than later.  

*Edit:* To answer @Suspook's question.  While I won't say most, many hosts will not allow this because it's such a headache to deal with (and a ton of legal liability).  They want to make money, not have to potentially pursue (and pay for) a legal battle that YOU as a client brought on.  It's just bad for business.  In the end, my opinion is that it's something that theoretically is a great idea but realistically carries way too much risk that I'd rather not allow it.  However there are people who are more accepting of Tor and are more than willing to accept you as a client.  Contact any host's Sales department if you can't find any information on it and ask.  That's what they're there for!


----------



## TheLinuxBug (Jul 20, 2015)

Bottom line here really is you can use Tor with most KVM providers, but you should ALWAYS follow the TOS and AUP of your provider even if it is on Tor and not accessible directly from the internet.  Just because your sites on Tor doesn't mean you have a right to violate the TOS and AUP you agreed to (as in hosting illegal content or things not allowed in the TOS).  So, if you intend to host a LEGAL site on Tor where the content complies with the TOS and AUP I see no reason you can't run a site on almost any KVM host.  However, if your intent here is to host illegal content or something not generally allowed on their network, then of course the answer is NO.  

As @HalfEatenPie said its about risk.  A lot of OpenVZ providers may not allow the process just to avoid this possible risk that someone would host malicious content.  On a KVM host they can't see your processes, so its not like they will kill it off.  However, if they receive any type of abuse report stating you are doing something you shouldn't, you can bet you will find your VPS suspended.

*TL; DR:*

Keep your content legal and use a KVM server and yes, you can host a .onion site.  If you have any ill intentions regarding content, then of course this isn't acceptable regardless of if its Tor or not.  Use common sense and you should be Okay.

my 2 cents.

Cheers!


----------



## drmike (Jul 21, 2015)

To host a .onion site you need to run the rest of the ToR stack, correct?   That's usually against providers Terms.

Now sure you can go hide it in KVM and probably other full virtualization solutions. 

But you are still violating Terms.

I am all utopia-like about free speech... But... ToR is a crap magnet, and has been for eons.  No secret why providers hate it.

Turn off everything, and lock things down, hide in KVM, no public exit, probably should bandwidth limit too so that doesn't ring any bells.


----------



## InertiaNetworks-Ryan (Jul 21, 2015)

Uhh... did anyone forget about TOR DNS blacklists? All it takes is one provider to scan a block and they'll know.

dig 142.156.8.204.tor.dan.me.uk

-- and --

dig 142.156.8.204.tor.dan.me.uk txt

https://www.dan.me.uk/dnsbl

In fact, if providers signed up at Hetrix Tools, part of the DNSBL scan is Tor. So the scanning is already taken cared of for them.


----------



## William (Jul 21, 2015)

> Uhh... did anyone forget about TOR DNS blacklists? All it takes is one provider to scan a block and they'll know.


Again, also for you: Stop spreading stuff you have no idea about.

Onion hosts DO NOT SHOW UP IN THE TOR DIRECTORY AND ARE NOT VISIBLE FROM THE INTERNET - THEY DO NOT GO INTO ANY "TOR" BLACKLIST OR SIMILAR.


----------



## HBAndrei (Jul 21, 2015)

InertiaNetworks-Ryan said:


> In fact, if providers signed up at Hetrix Tools, part of the DNSBL scan is Tor. So the scanning is already taken cared of for them.


Thanks for the mention


----------



## joepie91 (Jul 21, 2015)

InertiaNetworks-Ryan said:


> Uhh... did anyone forget about TOR DNS blacklists? All it takes is one provider to scan a block and they'll know.
> 
> dig 142.156.8.204.tor.dan.me.uk
> 
> ...


The generic list contains all Tor relays, but not hidden services. The exit list only contains Tor exits, not relays or hidden services.

You should never use the generic list for blocking, and indeed people don't generally do that. If you need to keep out abuse, you need to use the *exit* *node* list (and even then you should really implement spam mitigation measures, rather than outright blocking).


----------



## InertiaNetworks-Ryan (Jul 21, 2015)

RIght but aren't hidden services running on a relay to begin with? It has to be connected to the network somehow?

Just found it... yep it's true. https://www.torproject.org/docs/tor-hidden-service.html.en - "Tor allows clients and relays to offer hidden services."


----------



## perennate (Jul 21, 2015)

InertiaNetworks-Ryan said:


> RIght but aren't hidden services running on a relay to begin with? It has to be connected to the network somehow?
> 
> 
> Just found it... yep it's true. https://www.torproject.org/docs/tor-hidden-service.html.en - "Tor allows clients and relays to offer hidden services."


No. That's the whole point of hidden services -- they're hidden. They "connect" to the "Tor network" in the same way that you would from a web browser; they connect to a relay node, extend to another relay node until they have a long enough path, and register the hidden service with the last node (the one that's furthest from the hidden service). At a high level, clients connect to the hidden service by a) looking up at which relay node(s) the hidden service can be accessed, B) connecting to a random relay node (out of all the ones in the network), c) extending the path a few times, d) extending again to one of the relay nodes where hidden service is registered, e) communicating along the path that hidden service made so now there's a channel between client and hidden service.

The first relay that the hidden service connects to does not have to (actually probably should not) be one on your own computer. That is why the quote says "Tor allows clients and relays to offer hidden services", not just "relays".


----------



## InertiaNetworks-Ryan (Jul 21, 2015)

Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.


----------



## perennate (Jul 21, 2015)

InertiaNetworks-Ryan said:


> Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.


Hm, can you clarify what you intend your suggestion to accomplish? I'm not sure what goal you're replying to.


----------



## joepie91 (Jul 21, 2015)

InertiaNetworks-Ryan said:


> Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.


Why would you want to do that?


----------



## GIANT_CRAB (Jul 21, 2015)

InertiaNetworks-Ryan said:


> Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.


Why would you do that? That's going to defeat the purpose of the web - which is freedom and privacy.

Also, thread is getting derailed badly.


----------



## William (Jul 22, 2015)

InertiaNetworks-Ryan said:


> Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.


Sure, and puts you on one level with Iran, China and Afghanistan - Is that what you want?

It's also useless - Bridge nodes are not listed either and can be obtained from Torproject to connect to.


----------



## DomainBop (Jul 22, 2015)

GIANT_CRAB said:


> Also, thread is getting derailed badly.


...back on track --> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs


----------



## drmike (Jul 22, 2015)

William said:


> Sure, and puts you on one level with Iran, China and Afghanistan - Is that what you want?


Walled gardens.

I've blocked the exit nodes from the public list in my own environments many times.  Whole bunch of web abuse did originate from such in the past (when I actively cared).

Mind you I believe in freedom, which includes self preservation, survival and protecting assets as necessary, which today includes digital assets (servers and all related software stacks).

EDIT: and blocking these does nothing about the middle nodes or onion sites.


----------



## joepie91 (Jul 22, 2015)

DomainBop said:


> ...back on track --> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs


That's more for relays/exits, though, not hidden services.


----------



## donator (Sep 11, 2015)

By asking a provider if Tor is allowed you can easily find out if they are worthy of your time, regardless of if you actually want to run Tor.

"No" generally means "I don't want my customers to use the resources they pay for" [in case of a relay] or "I have no clue how it works, but isn't that what pedophiles use?".


vpsboard blocks Tor and I simply used a different anonymity service to sign up...


----------



## donator (Sep 11, 2015)

somehow, editing my post does nothing.

Large French/German companies allow you to do anything you want with the resources that you paid for, provided it is legal.


----------



## serversec (Oct 4, 2015)

Suspook said:


> Do most webhosts allow this? I want to find a host that will allow legal .onion sites. I have a vps now but the company does not llike tor.



I suggest serversdrift. They allow .onion sites as well offer free server setup for onionland.


----------



## keanu (Oct 7, 2015)

I don't see an issue with TOR as long there is no illegal content involved, such as hosting https://globaleaks.org/ etc.


----------



## Sonwebhost (Oct 18, 2015)

Open a pre-sales and give more details see it it can be done.


----------

