0

This is my first question so please bear with me. I looked for answers to my question, but found none unique to my issue.

I recently tried my hand at hosting an onion site with Python3 and the Tor browser. I created a directory called "tor_service" and placed a simple index.html file inside.

I then ran python3 -m http.server --bind 127.0.0.1 8080 in the same folder. Next, I opened another terminal session and started the Tor client. I navigated to, and appropriately modified the torrc file under the "hidden services" section, using port 8080. I opened my browser and went to localhost:8080 to verify everything was working. To my surprise, I saw the simple web page I wrote. So far, so good.

I then navigated to the Tor folder that contained the hostname to get the unique oinion address, and using cat hostname, obtained the string of characters followed by .onion.

I pasted the onion address in the Tor browser and again, I saw the simple html page I wrote.

Here's the problem: when I shut down my computer for the night, resumed the next day, and started the Python server and Tor client, instead of displaying my web page, I got a page that read "Directory of /" that displayed all of the folders on my hard drive. This is obviously a serious security issue. Not only were the folders on my hard drive on display for the web to see, they were all hyperlinks.

I don't understand what I did wrong. I didn't modify or move any files or change any settings, and I started the Python http.server and Tor client as usual.

I closed the terminal windows opened new ones, but got the same results. A third time resulted in the same outcome. I understand that using the Python "server" isn't the optimal method to host a site, but if I can't get something so simple to work, I fear I won't be able to actually write (much less diagnose problems on) a more robust server that operates using more than a single line of code.

I'm using the Linux subsystem on Windows 10 and the latest iteration of Ubuntu (20.4, I think).

Any pointers are greatly appreciated. I can craft and style a nice looking webpage, but I'd like to get proficient at the back-end side of things.

Jerz
  • 19
  • 2
  • 3
  • 1
    Are you looking for this site to be used by other consumers ? If your answer is yes, then I would suggest you to please rethink for making use of the Simple HTTP server provided by Python, as the owners themselves claim it's not fit for production: https://docs.python.org/3/library/http.server.html – DhakkanCoder Feb 02 '21 at 17:35

1 Answers1

0

Are you sure you have navigated back to the project folder in your terminal?

If you're running the

python3 -m http.server --bind 127.0.0.1 8080

command immediately after opening the terminal, it will run in the 'default' folder rather than your project folder (you'll need to 'move' back into the project folder using cd).

mcatee
  • 41
  • 4
  • Yes, I'm running the server from my project folder. It seems python isn't recognizing my index.html page but, rather simply displaying the contents of the project folder. I tried the same process with a non-hidden service html project, and the index page seems to display, (minus the images for some reason). I've double- and triple-checked all of my file paths, and there are no errors. – Jerz Feb 07 '21 at 19:32