Onion security : Dread | Torhoo darknet markets

Does anybody know where to find information on onion security and anonymity for developers?
I am specifically looking for resources on what technologies / best practices are the safest for running an onion site and staying masked.
What technology stack does dread use?
/u/Paris A
5 points
3 years ago
You should look in /d/opsec /d/programming and /d/hacking

I recommend running with dedicated servers with fake (but real) information, using /d/Endgame (with vanguards), and burning the server randomly on a monthly basis. Visualize stuff as much as possible. KVM is easy enough to use in that way.

Dread is built on a cluster of geographically distributed servers. We use NGINX (with modules), Lua, python, PHP, golang, MySQL, elasticsearch, containerization, KVM, Zen, tons of stupidly complex networking logic, and Redis. The fronts to get into dread are in large part just containerized /d/EndGame fronts with some customization. Onionbalance is used to make a single URL. We also do have an i2p endpoint up (with i2pd) but it's still too unstable for me to post about it yet (probably something to do with how it's connected to the world and how it connects to the cluster).
/u/001 📢
1 points
3 years ago*
This is great, I will enjoy learning from the source code of Endgame.

I am curious about your thoughts on any stacks that should be avoided; on another post I read that NodeJS was one of them.
I have not invested too much into one particular back-end in terms of knowledge, so I am looking for the best option on tor security/anonymity.

As of now I am considering .NET, NodeJS or some Python framework. However, I am on the fence about PHP; I have seen some posts talking it down but have yet to research it independently. (I am thinking that since PHP is very mature, it will be great for security.)
/u/Kyle
1 points
3 years ago
PHP is fine, however it is easy to make mistakes especially for new developers.
/u/001 📢
1 points
3 years ago
How is it 'easy to make mistakes' compared to other languages, do you have an example?
/u/cornilius
1 points
2 years ago
Every language ever is easy for beginners to make mistakes in. Beginners make mistakes by definition. However, languages like PHP can be particularly dangerous, as credentials or other private data can be exposed by novice programmers in the frontend. The use matters. With something like a little desktop Java app, there aren't necessarily any security flaws. A mistake means the program simply doesn't work as expected. A mistake in a web, server-side language like PHP, however, can result in private info being exposed to the public.
/u/cYpb9TW7iYQ
1 points
2 years ago
As you said, every language is easy for beginners to make mistakes in. Plus PHP is not the old PHP anymore. If you read the docs, there is a function for everything now to make it as secure as possible. There are guidelines that you may not find for other programming languages and so forth. It is actually quite difficult to make PHP not secure, unless of course when it comes to php.ini and its default settings which are usually crap. :P
/u/cornilius
1 points
2 years ago
Languages may implement safeguards, but trust me, I assist beginner developers every day, in a variety of languages. They will find a way to fuck it up.
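
As an added illustration of the php.ini point raised in the comments above (not code posted by anyone in the thread): a small Python audit that flags php.ini settings which expose internal data to visitors. The sample file is constructed; the directive names and built-in defaults are PHP's own, and the parser assumes no `;` inside quoted values.

```python
# Added example: audit a php.ini for settings that leak data to visitors.
# Values PHP's ini parser treats as boolean false (case-insensitive).
FALSE_WORDS = {"", "0", "off", "no", "false", "none"}

# directive -> (safe value, PHP built-in default when unset, why it matters)
CHECKS = {
    "display_errors": (False, True, "error text (paths, SQL, secrets) is sent to the client"),
    "expose_php": (False, True, "X-Powered-By header reveals the PHP version"),
    "allow_url_include": (False, False, "include/require may load remote code"),
    "session.cookie_httponly": (True, False, "session cookie is readable from JavaScript"),
    "session.use_strict_mode": (True, False, "uninitialised session IDs are accepted"),
}

def parse_ini(text):
    """Return {directive: value}; the last assignment wins, as in PHP."""
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                          # blank line or section header
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip('"')
    return values

def audit(text):
    """Return (directive, source, reason) for each unsafe effective setting."""
    values = parse_ini(text)
    findings = []
    for name, (safe, default, why) in CHECKS.items():
        explicit = name in values
        actual = values[name].lower() not in FALSE_WORDS if explicit else default
        if actual != safe:
            findings.append((name, "set" if explicit else "built-in default", why))
    return findings

# Constructed sample: a development setting left on, one cookie flag never set.
SAMPLE_INI = """\
[PHP]
display_errors = On      ; left over from development
expose_php = Off
allow_url_include = Off
[Session]
session.use_strict_mode = 1
"""

if __name__ == "__main__":
    for name, source, why in audit(SAMPLE_INI):
        print(f"{name} ({source}): {why}")
```
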
/u/sirtet
1 points
3 years ago*
[removed]
/u/Paris A
1 points
3 years ago
Fake information on the server registration but it is from real people. Ideally those who can be monitored so you can see if a server is compromised.

Look at /d/EndGame for some of the modules. OpenResty makes so many things possible. Main site logic is, mostly, in PHP with some golang (and now rust too).

Docker is a container solution for applications. But it is too proprietary for our needs. We needed lower level system containers. In large part it's LXC. The deployment scripts handle all the version control shit.

Just search networking logic and you will understand. It's basically how two servers, containers, virtual machines, talk to each other.

Search up onionbalance and learn how it works. It's basically DNS load balancing on the Tor network. All endgame fronts are independent. If you could find the URL you would be able to access.
/u/sirtet
1 points
3 years ago
[removed]
/u/Paris A
1 points
3 years ago
In my mind there are ideal uses for certain things. A container is for a service whose state at runtime doesn't really change at all; it doesn't really need updates, but it just needs to be there. A virtual machine is for something which stores state and has a risk of compromise. It basically deals with isolation vs performance. LXC would be for the EndGame fronts while virtual machines would be for the application code.

The network logic is not so much a VPN but how the different servers talk to each other and how each individual container and virtual machine can communicate both inside and outside the cluster.

Rust is fucking fast and super safe when it comes to memory handling. I've had crashes on golang which the rust compiler would have caught and prevented. Mostly it is safety. I sacrifice coding speed to make sure things are memory safe.
/u/kbqfmn
1 points
3 years ago
What do you mean?
/u/anonchansama
1 points
2 years ago
Just commenting so that I can come back to this later