Daniel's Hosting, the Biggest Dark Web Hosting Provider, Was Hacked

One of the largest providers of Dark Web hosting services has been hacked, security researchers reported.




Apparently, the service known as Daniel’s Hosting was hacked and taken offline. Daniel Winzen, the service’s developer, says that the incident occurred on November 15. He believes that someone gained access to the database and deleted all the accounts, including the server’s root account.

All 6,500 Accounts Hosted on Daniel’s Hosting Are Lost for Good

The impact of the hack is serious: all of the Dark Web services hosted there are now gone. More than 6,500 services were lost and, because of the design, there are no available backups. The hosting will be brought back once Daniel Winzen discovers the vulnerability that caused the hack.

In a conversation with ZDNet, the developer revealed the following:

As of now I haven’t been able to do a full analysis of the log files and need to further analyze them, but based on my findings so far I believe that the hacker has only been able to gain administrative database rights. There is no indication of having had full system access and some accounts and files that were not part of the hosting setup were left untouched.

Daniel has been searching for the root of the issue, and so far he has identified one vulnerability: a PHP zero-day that Russian programmers have known about for about a month. Notably, more attention was drawn to the vulnerability the day before the hack on Daniel’s Hosting happened. However, Daniel does not believe that the zero-day was the root cause and point of entry of the hack that took down his platform:

It is a vulnerability reported as a possible point of entry by a user and my setup was, in fact, vulnerable. However, I would deem it as unlikely to have been the actual point of entry as the configuration files with database access details were read-only for the appropriate users and commands run by this vulnerability shouldn’t have had the necessary permissions.

Daniel’s Hosting may have been hacked because the platform’s source code has always been available on GitHub. As to who might have been interested in hacking it, the list of suspects is quite large. The service has been used to host a range of dubious content, including malware operations and political blogs.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
