Published on 01 Apr 2020 by Charlie
Daniel's hosting started as a personal project to host his own site and grew once users learned about his offer to host personal sites of other users for free.
The hosting service was first attacked in November 2018, when an unauthorised user gained access to the main database with administrator privileges and deleted all user accounts. Daniel recovered from the attack and used it as an opportunity to improve and update the service before reopening for hosting in December 2018.
On 10th March 2020, a message from Daniel was posted to the site's hosting page telling users that the service had suffered another attack and that once again the databases were lost. It appears that the attack was similar to the past attack in that only the databases were affected, and user data was not compromised. Daniel has not published details on the vulnerability which was exploited by the attackers. Whilst Daniel hosts a large number of websites, markets and large forums usually have their own hosting and so will not be affected.
On 10th March, Daniel stated on his site:
“I have some sad news. On March 10th at around 03:30 AM UTC all databases related to my hosting were deleted from the database server. There was a new database user with full permissions. But given that my hosting database is gone, I can't associate it with an account to look deeper into how it got full permissions. As of now, it is not clear how or when the hack happened. If you have an idea, feature requests for future versions or maybe a fix for the vulnerability, please consider contributing to my open source project at https://github.com/DanWin/hosting.
Although this so far looks like a database only hack, similar to the November 2018 hack, you should treat all data as leaked and change your passwords on other sites, should you be using the same one elsewhere as on any of the sites I hosted.
There are roughly 390 GB of user data from 7595 user accounts on the server. I will keep the server active until 25th March so that everyone has a chance to download their current files (without database) via FTP or SFTP.”
Daniel states that he no longer plans to continue running the service, despite asking for contributions to his GitHub project in BTC at the address 17EH5c3zfzw8ictPxEujhuoULV4QZ4Stt7, which currently has around $40 in it:
“Being a darknet hoster has taught me many things. However, this is a free time project I do next to my full time job and it's very time consuming to try and keep the server clean from illegal and scammy sites. I spend 10 times more time on deleting accounts than I can find time to continue development. At this time I do not plan on continuing the hosting project, but this doesn't have to be the end. There are other hosting providers like Freedom Hosting Reloaded or OneHost and my project is available for download, which should enable anyone willing to become the next darknet shared hosting provider to start where I left off.”
On 11th March Daniel updated his message:
“Private keys of hidden services are now copied and available in your /data/ directory. If you don't know your system account to connect via (S)FTP, it consists of the first 32 characters of your first onion address. If it was a v2 address, it's the full address (including .onion). Since yesterday I've got several messages asking me not to give up. The project in its current state is a lot of work to maintain. I have many ideas on what to improve and which features to add. But after spending most of my time on answering mails or getting rid of just another 50+ scam sites every day, there is hardly any time for development. I may start another hosting project in the future, when I found time to improve the current platform. But it may take several months before I get there.”
Daniel is also responsible for developing the chat software ‘Lechat’ which is popularly used in many darknet chat rooms run by pedophiles. Daniel’s Hosting has been controversial because his service is frequently found to host illegal sites.