HackRead

TOR Traffic Data leak Caused by Misconfigured Apache Servers

February 1st, 2016, by Owais Sultan. Categories: Leaks, Privacy, Security

An unmodified default setting in Apache Web Servers revealed crucial details related to TOR traffic that passed through that server.

It is well known that the hidden areas (or underworld) of the Internet, such as the Dark Web, can only be accessed through specialized services like I2P or Tor, because these services are restricted and thoroughly anonymized.

However, these services also require a host server to operate. Several methods can be used for this purpose, but the simplest is to run an Apache web server with a Tor daemon to maintain the anonymity feature of the service.

Unfortunately, despite all of its data anonymity pledges, Tor could not be as secure for users as intended, solely because of a minor flaw in the Apache web server's default settings.

Reportedly, a default setting left unmodified in Apache web servers leaked information about the traffic that the server hosted as well as whatever was stored on the server itself.

However, this isn't a new issue: .onion sites have been facing it for over a year, and it has already been reported on Reddit and to the Tor Project. Well-known security guru and Facebook software engineer Alec Muffett brought the issue into the limelight by tweeting about a blog post from an unidentified computer science student. In the post, the student explained the issue and its ramifications.

Tor hidden service operators: your default Apache install is probably vulnerable https://t.co/kAzl9F4isR

— Alec Muffett (@AlecMuffett) January 30, 2016


The default setting that causes this issue on Apache Web Servers is the Server Status module. It is usually activated by default and its output is available on every server if you access this URL:

The page displays data about the server's settings, resource usage, uptime, virtual hosts, active HTTP requests and total traffic. Through improperly configured virtual hosts, such critical details can easily help an individual detect the timezone, relevant geographic position, IP address and language settings.

This isn't merely an assumption: a student sniffed a Tor website's traffic in exactly this way after discovering an active Server Status page that was used by a Dark Web search engine.

When the student observed the active HTTP requests of the server, he could view whatever others were searching on that service; some queries were adult-rated. The student took a screenshot of one of the searches in which the user searched for: “How to get rid of 2 bodies.”

If you are using Tor, disable the module quickly; all you need to do is run this shell command:

Here "ap2" refers to Apache 2.x, which is the latest Apache stable branch, "dis" refers to disable, "mod" refers to a module, and "status" means Server Status module.

Once you have disabled the Server Status page, accessing this URL will return a 404 or 403 error message.
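
One way to check a host for the exposure described above and to confirm the fix afterwards (an added example, not part of the original article). It assumes the Debian/Ubuntu Apache layout under a directory such as /etc/apache2, where `a2dismod status` is the stock command that disables the Server Status module and `/server-status` is the module's conventional handler path; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Debian/Ubuntu-style Apache tree for an active
# Server Status module. Assumed layout: mods-enabled/, conf-enabled/,
# sites-enabled/ under the root passed in (normally /etc/apache2).
# Note: a local-only rule ("Require local") does not protect a hidden
# service, because the Tor daemon connects to Apache from 127.0.0.1.

# Prints one finding per line; returns 0 if nothing exposes the status
# page, 1 otherwise.
audit_status_module() {
    root="$1"; found=0
    # a2dismod status removes this symlink; if present, the module loads.
    if [ -e "$root/mods-enabled/status.load" ]; then
        echo "ENABLED: mods-enabled/status.load (fix: a2dismod status)"
        found=1
    fi
    # An uncommented SetHandler server-status maps a URL to the status page.
    # -R follows the symlinks Debian uses in the *-enabled directories.
    for f in $(grep -RlsiE '^[[:space:]]*SetHandler[[:space:]]+server-status' \
                 "$root/mods-enabled" "$root/conf-enabled" "$root/sites-enabled"); do
        echo "HANDLER: ${f#"$root"/}"
        found=1
    done
    return "$found"
}

# Interprets the HTTP status code returned for the status URL.
classify_probe() {
    case "$1" in
        200)     echo exposed ;;
        403|404) echo disabled ;;
        *)       echo inconclusive ;;
    esac
}

# Typical use on the server itself:
#   audit_status_module /etc/apache2
#   classify_probe "$(curl -s -o /dev/null -w '%{http_code}' \
#       http://127.0.0.1/server-status)"
```

Reload Apache after disabling the module, then probe again: `disabled` matches the 404 or 403 response the article describes.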
