Thousands of dark websites removed in attack on free hosting service – Naked Security

One of the most popular web hosting services, Daniel’s Hosting (DH), has been taken down. Again.

Daniel Wizen, the German software developer who runs DH, said that this time the free hosting service provider is kaput… at least for the foreseeable future… which he also said, more or less, the last time, in September 2018, when hackers took down 6,500 dark web sites in one fell swoop.

Wizen acknowledged the attack in a post on the hosting provider’s portal, saying the recent attack happened last Tuesday – March 10 – in the early hours. At least, that’s when all the databases associated with dark web hosting were taken down.

DarkOwl – a darknet intelligence, tools and cybersecurity team that monitors DH and other dark web activity and analyzed the September 2018 breach – spotted Wizen’s post and shared it on Twitter on March 10, the same day that Wizen says his hosting database was deleted.

Wizen says he discovered that a new database had been created with user permissions. However, he can’t do much with that finding: without his hosting database, he can’t tell who the attackers are or how they got full permissions on the platform.

According to ZDNet, the attack destroyed 7,600 sites. Wizen says he’s not entirely sure when it happened or who did it. If anyone has any thoughts on the vulnerability that may have led to the attack, or ideas for future releases or feature requests, he invites them to share feedback on his open source project.

Wizen has also invited supporters to contribute to his efforts, which suggests he’ll likely resurrect the hosting provider at some point. For now, though, he’s fed up, he says. He gives his time freely, on top of his full-time job, and the service takes a lot of that time, he said, especially given the work involved in “keeping the server clean of illegal and fraudulent sites.”

I spend 10 times more time deleting accounts than finding time to continue development. At the moment, I don’t plan to continue with the hosting project, but that doesn’t have to be the end.

How clean are Daniel’s Hosting servers? When DarkOwl analyzed the sites demolished at the time of the 2018 attack, its analysts found that out of 6,500 sites, the world had lost the following – not all of which you’d call “I’d eat off that plate” clean:

  • 657 hidden services had the title “Site hosted by Daniel’s hosting service” and nothing else (but may have been used for something other than serving web content).
  • 457 hidden services contained content related to piracy and/or malware development.
  • 304 were classified as forums.
  • 148 were chat rooms.
  • 136 included drug-specific keywords.
  • 109 had counterfeit content.
  • 54 specifically mentioned carding information.
  • More than 20 referred to weapons and explosives.

DarkOwl says stay tuned: it is currently preparing an analysis of what the Dark Web lost in last week’s attack on DH.

Of course, not all Dark Web sites are devoted to illegal activities. Some are there for the privacy-conscious and/or for those who live in areas of strict government censorship and repression.

According to ZDNet, by design, the hosting service does not keep backups. Wizen believes the attack only affected the main database account, not the accounts of users who had hosted sites on its platform. Still, he said, users should “treat all data as leaks” and change their passwords if they reuse them on other sites. Which, of course, underscores the fact that none of us should reuse passwords, whether we’re political dissidents or willing to engage in less than desirable activities (although we find it hard to feel sympathy for them if their credentials are hacked).

Prevention is better than cure, says Wizen – especially since he hasn’t had much time to figure out what exactly happened:

[As] I am currently very busy with my daily life and other projects, I decided not to spend too much time investigating.