Tor is an anonymous, secure network that allows anyone to access websites with anonymity. People normally use Tor to access normal websites, but they don’t have to. If you want to set up your own anonymous website, you can create a hidden service Tor site. Your hidden service website runs entirely within Tor, so no one will know who created and runs the website. Only people using Tor can access it, though. Hidden service Tor sites are ideal for anyone who wants to set up a website anonymously, such as political activists in repressive countries.
Not all hidden services have to be websites. You could create an SSH server, IRC server, or any other type of server and offer it as a hidden service on Tor. This tutorial will focus on setting up a hidden Tor site using the Savant web server – which Tor recommends – on Windows. The steps can also be applied to other operating systems and web servers.
Step 1: Install Tor
To get started, you’ll have to download and install Tor on your computer. If you already have it installed, you can skip this step. By default, Tor installs the Tor browser bundle, which includes a specially configured Firefox browser.
You’ll see a green onion icon in your system tray when you’re connected to the Tor network.
Once it’s installed, you can check out an example hidden service by plugging duskgytldkxiuqc6.onion into your Tor web browser’s address bar.
Tor must always be running on your system for the hidden service to be accessible. If your computer is off, disconnected from the Internet, or if Tor isn’t running, the hidden service Tor side won’t be accessible. This does have some anonymity implications – it’s theoretically possible to infer whether or not your computer is running the hidden service by seeing whether it’s accessible when your computer is off.
Step 2: Install & Configure A Web Server
You’ll need a web server to serve the hidden service site from your system. Tor’s official documentation recommends against using the common Apache web server. Instead, Tor recommends using the Savant web server on Windows or the thttpd Web server on Mac OS X, Linux and other UNIX-like operating systems. Tor’s documentation notes that Apache “[is] big and has lots of places where it might reveal your IP address or other identifying information, for example in 404 pages” but also notes that “Savant probably has these problems too“.
The takeaway is that web server configuration is very important. If you’re running a very sensitive hidden Tor site, you’ll want to go through your web server’s settings and ensure it isn’t leaking any information that could be used to identify you, such as your IP address.
We’ll use Savant as an example here, but you can set the same options in other web servers. To configure Savant, launch its main window and click the Configuration button.
From the configuration window, you’ll need to set the “Server DNS Entry” box to “localhost” to bind Savant to localhost. This ensures your website is only accessible from your local computer, so people can’t access it over the normal Web and see you’re hosting the hidden service Tor site.
You’ll also have to note the port number you’re using.
After the web server is configured, you’ll want to add your content. By default, Savant uses the C:\Savant\Root directory (you can change this from the Paths tab). Ensure you replace the index.html file in this directory with the file you want as your homepage.
You can verify it works by typing localhost into your main browser’s address bar. If you set a different port instead of 80 – say, port 1000 – type localhost:1000 instead.
Step 3: Configure The Hidden Service
Now that Tor’s installed and a web server is running, all you have to do is tell Tor about it. You should be able to add this information to the torrc file through the Vidalia graphical user interface, but I experienced errors and had to do this by hand.
First, shut down Tor if it’s running.
Next, locate your torrc file. If you installed the Tor Browser Bundle, you’ll find it in the Tor Browser\Data\Tor directory. Open this file with Notepad or another text editor.
Add the following section to the end of the file:
# Hidden Service
HiddenServiceDir C:\Users\Name\tor_service
HiddenServicePort 80 127.0.0.1:80
Replace C:\Users\Name\tor_service with the path to a directory Tor can read and write to on your system. Do not use the directory that already contains your website. This should be an empty directory.
Replace the :80 with the port the web server is using on your system. For example, if the web server is running on port 5000, you’d use the line HiddenServicePort 80 127.0.0.1:5000.
Save the file after editing it. You’ll also have to create the directory you specified, if it doesn’t already exist.
Restart Tor after you do this. Once you have, you’ll want to check the Message Log to see if there are any error messages.
If the Message log is free of errors, you’re good to go. Check out the hidden service directory you created. Tor will have created two files in the directory – hostname and private_key. Don’t give anyone the private_key file or they’ll be able to impersonate your hidden service Tor site.
You’ll want to open the hostname file in Notepad or another text editor. It will tell you the address of your new hidden service Tor site. Plug this address into your Tor web browser and you’ll see your website. Give the address to others so they can access your site. Remember, people must be using Tor to access your hidden service site.
Have you used Tor or set up a hidden Tor site? Be sure to share your experiences and any tips you have in the comments!
Image Credit: Blurred Silhouette via Shutterstock
MakeUseOf Recommends
More articles about:
Hide 38 Comments
cool !
It really is. I actually had no idea Tor could do this until recently! It ought to be more publicized.
LOL but then …. it wouldn’t be a ‘secret’ anymore ;)
Secret and anonymous are two different things.
I honestly can not think of one legal/morally/ethically correct reason why a person would need this?
Then you aren’t thinking hard enough.
There are plenty. Web based chat or instant message service using xmpp or similar protocool’s for one. Remember, you don’t have to have something to hide to be anonymous.
Yup, XMPP, IRC, an FTP server — any type of server or service.
And you don’t have to have something to hide to want privacy, exactly. I wouldn’t want a camera in my bathroom or bedroom.
Hi bemused, I put an ethically correct reason in the article: journalists and activists in repressive countries.
Or whistleblowers fearing reprisals.
And yes, activists in repressive countries may be breaking that country’s laws — that’s the point.
The only repressed country I know of is Israel. Why didn’t you include that in your article you two-faced kike.
I’m guessing you’ll need a web server and a dedicated connection for this? The home-brew dial-up sites of old are, well, too old nowadays…
You could use this method to host a site on your desktop machine, but obviously a web server and dedicated connection are helpful for other reasons (24/7 uptime being one of them)
Hi and thanks for the interesting article.
I have a question: If I enter the the onion-link (for example a1b2c3.onion), it should refer me to a1b2c3.onion/index.html, right? What happens is, that it tries to refer me to localhost:/index.html, which gives a document not found error. Is there any way to fix the redirect error? When I enter a1b2c3.onion/index.html it works fine.
Greetings
Skalli
That’s odd, I’m not sure — I followed Tor’s recommendation to use Savant, and the instructions here jive with both project’s official documentation at https://www.torproject.org/docs/tor-hidden-service.html.en and http://savant.sourceforge.net/docs/04_02.html
I’ve read those links to, that made me look for Savant. But with this trouble it’s pretty useless though. I was just fidling around anyways, but it’s always interesting to learn and try new stuff. ;)
Thanks anyways! :)
And an addition: It’s not Savant, it’s probalby Tor. I tried it with nginx: Same result.
Send the link to a friend: It works… :)
Looks like I’m forwarded to localhost, I’m running the webserver on another machine, but in the same network,maybe that’s why this is happening.
Thanks for sharing your experience! It seems to work for external users, which is what really matters.
Dear Chris thank you for lovely tutorial, i did exactly like you describe with savant, but i can access the onion site only on my computer, i cant access it from other computer or friends computer, what am i doing wrong??
I’m not entirely sure, to be honest. It worked for me and it seemed to work for others here — I’m no expert on Savant, I just recommended it here because Tor themselves recommend it.
Does anyone else have any tips?
Merch, have you forwarded the correct port on your router?
Its working……..Now I have to test from other newwork
A rather odd way you can use it is to relay to the extern a web interface, for some application that does provides it (such as TightVnc, among the others), from behind a dynamic ip connection, without having to bother too much with DynDNS and others the like, and to take yourself the hassle of setting up the ssh tunneling needed to make it secure (the connection never leaves the TOR network, which means that it the main weak point of the TOR architecture, the exit point, is eliminated and all that rest are a bunch of scarsely traceable ssl tunnelings).
It is quite a forceful way to misuse this technology, as it is most surely not what it was designed for, but one perfectly legit.
Even in the most democratic of the possible worlds, where one had absolutely no reason to suspect malfeasance on ppart of his government.
That’s an interesting use. Still, you shouldn’t really abuse it – Tor isn’t for BitTorrent and other high-bandwidth things. If you’re running heavy server software, I wouldn’t do it through Tor — it’d be on the slow side, anyway.
hey, i’ve follow your tutorial and it works great but when i tried to access my website i get an error that say firefox can’t establish a connection. any thought.
I’m honestly not sure. Tor recommends the Savant web server, but there isn’t as much documentation about it as Apache…
Tor is all well and good but the only problem is its speed. Do you know of any way to increase speeds of connections to sites inside the network?
No, I don’t think so. The slow speed is just a consequence of Tor’s architecture. You’re not connecting directly, you’re connecting through a variety of middlemen and taking the scenic route.
Ah, that makes more sense to me now. Thanks for clearing that up!
I am so frustated, i did everything correctly and i can connect to my hidden service while in tor browser, i type localhost in chrome it works,but when i type local host in tor browser or put my onion link i got it says unable to connect to server ugh.
Hmm, I’m not sure how to help — there’s not much troubleshooting info out there for Savant.
Maybe I should’ve ignored Tor’s recommendations and gone with Apache anyway. Sorry it’s such a pain — you can always try Apache or check out tor’s official documentation for this: https://www.torproject.org/docs/tor-hidden-service.html.en
If you are using Windows Vista or 7, this could be your inherrent problem for the tor site. I installed everything exactly the same on Win 7 with WAMP, and it had external connection problems. When I did the EXACT same thin on Win XP Pro, NO PROBLEMS! Seems older technology works better sometimes.
Weird. Maybe Windows 7′s firewall settings were interfering?
I’ve run hidden services for a few years, but have always had a problem with reliability which is apart from the reliability of the hardware or network. It seems to have something to do with inactivity, where if I haven’t used my hidden service (website) in a while it may take several minutes for it to respond, but sometimes it stops responding even when recently active. These problems do not happen when the website is accessed locally or through the normal external web interface. Recently I installed a second website as a second hidden service on the same computer using the same apache. Since then I have found that the newer service is much more reliable than the older one, despite equivalent configuration. The most frustrating part of this is that I don’t know of any troubleshooting tools or documentation which could explain why a hidden service link would apparently deteriorate in reliability with age. Have you any insight?
Since yesterday I tried connecting to the old hidden service from another computer and it worked, even while it failed to connect to the first computer. The Tor browser versions are slightly different, 2.2.38-2 vs. 2.2.39-1. I also noticed some warnings in the tor log on the server about not being able to advertize all ciphers due to Tor not being up to date, yet the Ubuntu Lucid on that machine was up to date. So I am upgrading that server to Precise. If that doesn’t fix the problem (which has been going on at least two years), I might try moving to the development branch for Tor.
The upgrade went smoothly and the service seems to work OK for now. One problem I had after the upgrade was that my private key directory (hidden_service) was unreadable to tor even though its permissions and ownership were correct, apparently because I had relocated it to a home directory. Relaxing permissions on the parent directories had no effect. Moving it to the default location, /var/lib/tor, fixed the permission problem but would allow anyone in possession of the server to emulate the hidden service because the home directory was encrypted but /var isn’t. At least this got me thinking that some sort of intermittent permission or apparmor problem may explain the erratic service.
If there are any forums to discuss problems like this I would love to know. The torproject site itself says it plans such a forum, but I can’t believe this system has no community forum even though I can’t find it. I get the impression that searches are censored. I might think this were overly paranoid if I had not encountered clear cut dropping of emails containing the torproject.org link.
Try instead of localhost enter 127.0.0.1 in server dns entry.worked for me nowi can access my webserver from my home computer
Ive set up a tor test site s2hjvesx2elcubjf.onion
id love some to see if they ann connect