[tor-talk] Shodan & Hidden Services

grarpamp grarpamp at gmail.com
Mon Apr 24 23:17:51 PDT 2017


> So it turns out that Shodan - a kind of multi-protocol Google-alike search
> engine for metadata and protocol headers - has indexed a bunch of Onion
> sites which were configured to leak their (onion) hostnames into protocol
> headers.
>
> https://www.shodan.io/search?query=.onion%2F
>
> This is... tragic, perhaps, and avoidable to varying extents (eg: my
> proposed setup process*) but the situation also possibly presents an
> opportunity for anyone who has identified addresses of sibyl/other naughty
> tor-infra-impacting activity, to maybe check some logs and see if any
> badly-configured onions were also hosted on the same addresses/subnets, get
> some concept of what hidden services were hosted there, and what they may
> have been up to?
>
> https://twitter.com/AlecMuffett/status/855542397165502464

If people think onionland is some errorproof perfect
configuration zone, free from scam, free from agents, free from
discovery, free from all manner of trickery, buggery, debuggery,
bauchery, exploit, or the bore of ever September, and so on....
nope, it's been quite the opposite since day one.
That people are only recently studying finding and publishing
these things, claiming as news twatter to a hat, is rather amusing.
And of course such work is fine endeavour and report as well.
Have fun.


More information about the cypherpunks mailing list