Vps webhosts that allow .onion (tor) sites?
- Thread starter Suspook
- Start date
No one can know you host onion sites in a VPS - Just get a KVM VPS with anyone and do it there.
Please stop spreading things you have no idea about, Middle nodes and Internal servers are not visible from the internet at all and untraceable to any ISP, thus there is no risk involved at all.
Honestly it's simple risk management. As a client, by violating the provider's ToS and agreement, you take the full legal responsibility behind it. It's not really what's allowed and what isn't, it's simply covering their butts to make sure they're not on the hook.
Now does it work 100% of the time? Not really. Can it (and does it) affect normal business? Depends on how high risk it is (many variables involved). But if for the service provider your server is confiscated because someone hosted a Cheese Pizza .onion site on it, well then you're out of a server (especially if it's a VPS node, then your clients are out of their servers as well) and the offending client doesn't have anything to lose (well... besides probably an investigation).
Tor is honestly just that. It's a high risk process that now certain providers have stopped allowing (via note on your service agreement) simply because they don't want their servers being raided by the police. Not that Tor is only used for that but due to the nature of Tor (in my opinion anyways) it carries a slightly higher risk.
Use your head. Use your own judgement. If you want to break the Terms of Service and carry the entire legal responsibility behind it, then go for it.
Also, if you set it up right then of course it's almost untraceable to any ISP (besides for increased bandwidth usage between other tor relay nodes). But a single mistake could leak your IP and therefore make it traceable. The software stack you have to configure and worth with to make it all work though can be such a pain in the butt that a single mistake may happen sooner rather than later.
Edit: To answer @Suspook's question. While I won't say most, many hosts will not allow this because it's such a headache to deal with (and a ton of legal liability). They want to make money, not have to potentially pursue (and pay for) a legal battle that YOU as a client brought on. It's just bad for business. In the end, my opinion is that it's something that theoretically is a great idea but realistically carries way too much risk that I'd rather not allow it. However there are people who are more accepting of Tor and are more than willing to accept you as a client. Contact any host's Sales department if you can't find any information on it and ask. That's what they're there for!
Last edited by a moderator:
TheLinuxBug
New Member
Bottom line here really is you can use Tor with most KVM providers, but you should ALWAYS follow the TOS and AUP of your provider even if it is on Tor and not accessible directly from the internet. Just because your sites on Tor doesn't mean you have a right to violate the TOS and AUP you agreed to (as in hosting illegal content or things not allowed in the TOS). So, if you intend to host a LEGAL site on Tor where the content complies with the TOS and AUP I see no reason you can't run a site on almost any KVM host. However, if your intent here is to host illegal content or something not generally allowed on their network, then of course the answer is NO.
As @HalfEatenPie said its about risk. A lot of OpenVZ providers may not allow the process just to avoid this possible risk that someone would host malicious content. On a KVM host they can't see your processes, so its not like they will kill it off. However, if they receive any type of abuse report stating you are doing something you shouldn't, you can bet you will find your VPS suspended.
TL; DR:
Keep your content legal and use a KVM server and yes, you can host a .onion site. If you have any ill intentions regarding content, then of course this isn't acceptable regardless of if its Tor or not. Use common sense and you should be Okay.
my 2 cents.
Cheers!
As @HalfEatenPie said its about risk. A lot of OpenVZ providers may not allow the process just to avoid this possible risk that someone would host malicious content. On a KVM host they can't see your processes, so its not like they will kill it off. However, if they receive any type of abuse report stating you are doing something you shouldn't, you can bet you will find your VPS suspended.
TL; DR:
Keep your content legal and use a KVM server and yes, you can host a .onion site. If you have any ill intentions regarding content, then of course this isn't acceptable regardless of if its Tor or not. Use common sense and you should be Okay.
my 2 cents.
Cheers!
Last edited by a moderator:
drmike
100% Tier-1 Gogent
To host a .onion site you need to run the rest of the ToR stack, correct? That's usually against providers Terms.
Now sure you can go hide it in KVM and probably other full virtualization solutions.
But you are still violating Terms.
I am all utopia-like about free speech... But... ToR is a crap magnet, and has been for eons. No secret why providers hate it.
Turn off everything, and lock things down, hide in KVM, no public exit, probably should bandwidth limit too so that doesn't ring any bells.
Now sure you can go hide it in KVM and probably other full virtualization solutions.
But you are still violating Terms.
I am all utopia-like about free speech... But... ToR is a crap magnet, and has been for eons. No secret why providers hate it.
Turn off everything, and lock things down, hide in KVM, no public exit, probably should bandwidth limit too so that doesn't ring any bells.
Last edited by a moderator:
Uhh... did anyone forget about TOR DNS blacklists? All it takes is one provider to scan a block and they'll know.
dig 142.156.8.204.tor.dan.me.uk
-- and --
dig 142.156.8.204.tor.dan.me.uk txt
https://www.dan.me.uk/dnsbl
In fact, if providers signed up at Hetrix Tools, part of the DNSBL scan is Tor. So the scanning is already taken cared of for them.
dig 142.156.8.204.tor.dan.me.uk
-- and --
dig 142.156.8.204.tor.dan.me.uk txt
https://www.dan.me.uk/dnsbl
In fact, if providers signed up at Hetrix Tools, part of the DNSBL scan is Tor. So the scanning is already taken cared of for them.
Thanks for the mention
The generic list contains all Tor relays, but not hidden services. The exit list only contains Tor exits, not relays or hidden services.
You should never use the generic list for blocking, and indeed people don't generally do that. If you need to keep out abuse, you need to use the exit node list (and even then you should really implement spam mitigation measures, rather than outright blocking).
Last edited by a moderator:
RIght but aren't hidden services running on a relay to begin with? It has to be connected to the network somehow?
Just found it... yep it's true. https://www.torproject.org/docs/tor-hidden-service.html.en - "Tor allows clients and relays to offer hidden services."
Just found it... yep it's true. https://www.torproject.org/docs/tor-hidden-service.html.en - "Tor allows clients and relays to offer hidden services."
Last edited by a moderator:
No. That's the whole point of hidden services -- they're hidden. They "connect" to the "Tor network" in the same way that you would from a web browser; they connect to a relay node, extend to another relay node until they have a long enough path, and register the hidden service with the last node (the one that's furthest from the hidden service). At a high level, clients connect to the hidden service by a) looking up at which relay node(s) the hidden service can be accessed, B) connecting to a random relay node (out of all the ones in the network), c) extending the path a few times, d) extending again to one of the relay nodes where hidden service is registered, e) communicating along the path that hidden service made so now there's a channel between client and hidden service.
The first relay that the hidden service connects to does not have to (actually probably should not) be one on your own computer. That is why the quote says "Tor allows clients and relays to offer hidden services", not just "relays".
Last edited by a moderator:
Okay, so why not just take a list of everything that's on the DNSBL list and block it? That'd stop all relaying and exit nodes from connecting.
Hm, can you clarify what you intend your suggestion to accomplish? I'm not sure what goal you're replying to.
Last edited by a moderator:
Why would you want to do that?
GIANT_CRAB
New Member
Why would you do that? That's going to defeat the purpose of the web - which is freedom and privacy.
Also, thread is getting derailed badly.
Sure, and puts you on one level with Iran, China and Afghanistan - Is that what you want?
It's also useless - Bridge nodes are not listed either and can be obtained from Torproject to connect to.
Last edited by a moderator:
DomainBop
Dormant VPSB Pathogen
...back on track --> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
drmike
100% Tier-1 Gogent
Walled gardens.
I've blocked the exit nodes from the public list in my own environments many times. Whole bunch of web abuse did originate from such in the past (when I actively cared).
Mind you I believe in freedom, which includes self preservation, survival and protecting assets as necessary, which today includes digital assets (servers and all related software stacks).
EDIT: and blocking these does nothing about the middle nodes or onion sites.
Last edited by a moderator: