Home » Articles posted by mrOnion

Author Archives: mrOnion

Setup MySQL on Ubuntu

Setup MySQL

Setup PHP on NGINX

Setup PHP

  1. Add the below software and repository
    > sudo apt-get install software-properties-common
    > sudo add-apt-repository ppa:ondrej/php
    > sudo apt-get update
  2. Install PHP 7.1
    > sudo apt-get install php7.1
  3. Install common PHP modules
    > sudo apt-get install php7.1 php7.1-cli php7.1-common php7.1-json php7.1-opcache php7.1-mysql php7.1-mbstring php7.1-mcrypt php7.1-zip php7.1-fpm
  4. Edit the php.ini file
    > sudo vi /etc/php/7.1/cli/php.ini
  5. in the php.ini file type /cgi. and hit enter to find the below line and edit
    cgi.fix_pathinfo=0
  6. Restart the PHP 7.1 service
    > sudo service php7.1-fpm restart
  7. Edit the NGINX config to enable PHP
    > sudo vi /etc/nginx/sites-enabled/default
    Remove the comments from the below php settings
  8. Restart nginx service
    > sudo service nginx restart
  9. Enable PHP and nginx to start on reboot
    > sudo systemctl enable nginx.service
    > sudo systemctl enable php7.1-fpm.service

Use custom .onion address

Changing generic onion to one generated earlier

  1. Check the current .onion generated when you first setup TOR (in case you want to use it)
    > cd /var/lib/tor/hidden_service/
    > cat hostname
  2. If you wish to use a custom address, delete (or move) the old keys
    > cd /var/lib/tor/hidden_service/
    > rm -rf *
  3. locate the keys to copy
    > cd /home/<your username>/Downloads/mkp224o/<key folder name>/<key folder>/
    example
    > cd /home/user/Downloads/mkp224o/websitekeys/websitehz44l75xucojrrqofi4v7rn4y75wu6ocn7zbwjazgr44prfyd.onion/
    > ls -al
  4. Copy the generated keys to the onion service location
    > sudo cp * /var/lib/tor/hidden_service/
  5. change ownership of the copied keys so the service can access them
    > sudo chown debian-tor:debian-tor /var/lib/tor/hidden_service/*
  6. restart the tor service
    > sudo service tor restart

How to create a .onion Web Server

Setup NGINX from the APT repository

  1. > sudo apt install nginx
  2. Edit the web server config to link it to tor listening on port 80
    > sudo vi /etc/nginx/sites-enabled/default
  3. Change the listen (so it only points to 127.0.0.1) and server name (points to onion address) in the config
  4. Restart nginx service
    > sudo service nginx restart

Setting up the Website

  1. go to /var/www/html and delete the files there
  2. create a test file and test the web address
    > vi index.html
    type in some text and save the file
  3. Visit the website and confirm its accessible (your address should be different)

how to secure a .onion server

Change OS Host DNS to run through TOR

  1. > VirtualAddrNetworkIPv4 10.192.0.0/10 AutomapHostsOnResolve 1 TransPort 9040 TransListenAddress 127.0.0.1 DNSPort 53
  2. Change Name Server
    > vi /etc/resolv.conf
    > nameserver 127.0.0.1
    > sudo service network restart

Secure NGINX

  1. https://geekflare.com/install-modsecurity-on-nginx/
  2. https://www.rosehosting.com/blog/how-to-secure-your-lemp-stack/

Using Knockd for remote access

  1. https://www.techrepublic.com/article/how-to-obscure-open-ports-with-knockd/

How to create a .onion service

For a .onion server you will need to have a linux server, in this example we will use Ubuntu (u can use the same server we setup to generate the address, or use a third party such as AWS, Azure or Alibaba Cloud)

Installing the Services

  1. install TOR using APT
    > sudo apt install tor

  2. Confirm that Tor is up and running on port 9050 by using the ss command
    > ss -nlt

  3. check to see if you are using the latest TOR version
    > tor –version

  4. check to see if you are using TOR
    this will show your public IP
    > wget -qO – https://api.ipify.org; echo

    this will show your TOR IP
    > torsocks wget -qO – https://api.ipify.org; echo

Setting up the Server

  1. Edit the torrc file (config file for tor services)
    > vi /etc/tor/torrc
  2. scroll down the page using the arrow keys on the keyboard until you find the lines:
    #HiddenServiceDir /var/lib/tor/hidden_service/
    #HiddenServicePort 80 127.0.0.1:80
  3. uncomment (remove the #) from the 2 lines so it looks like below
    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:80
  4. Save the config by pressing the “Esc” key and typing :wq (write, quit) and hit the “Enter” key
    > :wq
  5. restart the service
    > sudo service tor restart

How to create a .onion address

.onion addresses are no longer short (v2) 16 generated characters but are now using 56 characters under version 3.
Old .onion address – yyhws9optuwiwsns.onion
New .onion address – hello23twa7k536qggxfeqm4orwohwlca3ln6f43b4splcym57msaxid.onion

You can use a generator to make a more legible .onion address using the below method, but at this stage the method is only supported under linux.
Note: Generating your own name isnt REQUIRED, as you can use the default generated when setting up the tor service.

Create a Linux Virtual Machine to Generate a vanity address generator for a ed25519 onion services.

  1. Install Hyper-V (free) on your Windows 10 machine -> https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v
  2. Download Ubuntu Desktop -> http://releases.ubuntu.com/19.10/ubuntu-19.10-desktop-amd64.iso
  3. Install Ubuntu on the Hyper-V -> https://www.windowscentral.com/how-run-linux-distros-windows-10-using-hyper-v

Using mkp224o to generate the .onion address

  1. Download mkp224o from Github -> https://github.com/cathugger/mkp224o/archive/master.zip
  2. through GUI or Terminal, extract the .zip to the Ubuntu installation.
    > unzip mkp224o-master.zip
  3. Generate the configure script
    > ./autogen.sh
  4. configure the make script before compiling
    >./configure –enable-amd64-51-30k –enable-intfilter –enable-binsearch –enable-besort
  5. build the binary to generate the .onion addresses
    > make

Be aware to generate a bunch of addresses, can take hours or weeks, use the below code and when generating will create a folder of the .onion address, which will include the private and public key for use
note the keys are in binary form and cannot be read in a text editor

> ./mkp224o <beginning text> -B -S 5 -j 16 -d keys
-B = use batching (generate a large number or sets)
-S = print statistics every # of seconds… in this case, every 5 seconds
-j = number of threads to use in the CPU
-d = directory to store the generated keys

e.g
> ./mkp224o website -B -S 5 -j 16 -d websitekeys