Necessary IT skills for operating an onion website?

I've worked in IT on and off for the last 8-10 years or so. Mostly in basic tech support style stuff and dabbling in some other areas such as web design and working with servers. I'm curious as to what fields one might need to brush up on and would need to study if they wanted to launch their own Tor/Onion style site and have good security. Similar to darknetmarkets and gammagoblins site etc. I'm not a dealer but a curious person and this stuff interests me a lot and supports freedom on the internet.

Tl;dr What are the associated IT fields one would need to study if they wanted to launch a darknet style market?


Comments


[32 Points] mymuse100:

Gg just uses a WordPress site with a WooCommerce addon. And a server that accepts btc. Wallets aren't even stored on the site if u use WooCommerce.

Something like AB is A LOT MORE WORK.


[22 Points] ecstasais:

Given your introduction I can say you're not qualified, nor will ever be.

But to answer your question:

You'd need (absolute minimum):

1) At least 3-5 years of hardcore Linux/software engineering expertise;

2) Security (the thing has to be secure in all layers). Ideally data should stay inaccessible even if a hacker (LE) gains access to the running OS (which would be the main target when it comes to OS/disk-level encryption). All HS service components should be separated from each other with both application and network level firewalls (including securing data flows even on the lo interface). All HS public-facing components must be JAILED (quite easy to do with "ip netns" shit);

3) You must learn, and study how Tor works, how most attacks are being (or were in the past) committed;

4) You must understand and be able to perform XSS and other types of attacks on sites. Only then can you create a secure site yourself.

Actually... a few months ago I drafted a (in my opinion) secure and better hidden service design: http://hmwgbopa3sf42sxvkqs6drmkx23rdf7pmhfxmkbyffbdtdngtv262yid<dot>onion/Service.jpg

At least I wouldn't settle with anything less than that.

No, the URL above isn't flawed. It's a Tor v3 long URL - I'm officially one of the upcoming Tor v3 testers and bug hunters. So suggestion: Familiarize yourself with the differences between Tor of today and Tor of tomorrow. If one wishes to start building something today, it must be built to leverage the security and settings built into Tor v3.

Also: It all starts from mentality. Hidden site builder/operator must have customer's security as TOP1 priority. A HS must be built in a way that users' private data is encrypted only with their own credentials. There's hardly any need to use a central/master encryption key when it comes to messages and data flow from user A to B and vice versa. A few months ago I actually designed and implemented a POC of an inside-database per-row/column encryption solution - so it's doable. And (centrally) inaccessible.

PHP must be hardened too - at least with the https://suhosin.org/stories/index.html patch (pretty good thing, can tell you from my own experience).

And above all: Build a thing that even you yourself can't hack into. I would personally come and decapitate you if I knew that you have any bits of user data as plaintext.

Also, I would build a strong analytics and reporting into the thing. Helps easily spot and react to all kinds of anomalies starting from hacking, attacking to phishing...

Ok, I think it's enough for now. Otherwise I could go on and on and I would start looking like me during my security lectures at different events.

Good luck!


[9 Points] al_eberia:

Read this: https://www.reddit.com/r/al_eberia/wiki/doxbin


[8 Points] onionmanchild:

Skill numero uno: don't ask how to run a darknet market on reddit


[9 Points] Aliasu:

Web development including both front and backend scripting.

Some sort of skill in Linux sysadmin, including routing, firewall configuration, and proxies.

No Windows, no WordPress (Lol), no 3rd party apps that warrant additional security concerns. I would also assume you’re familiar with encryption. Both asymmetric and symmetric algorithms. SSH keys, disk encryption etc ...

Knowledge of bandwidth, link speeds and maybe peering etc ... if you aim to deploy a large site, also look at the scalability of your infrastructure including HA to mitigate downtime.

Knowledge of security and how it applies to your application or project. This includes patching your infrastructure.

Automation would make your life a lot easier especially for 5 9’s availability. Ansible is my go to. Fuck you Chef!

Source : I am a senior enterprise infrastructure and systems engineer.


[2 Points] museacc9000:

After being around since 2011, I've learned a lot, I'm a programmer myself, I've been working on a DNM as a project for around a year to make it as good as it can be, and not something based off an already existing CMS. Security is always the number 1 priority, and a backup for any bitcoins on the server. I will probably launch what I finish since I know how things work.

But nothing is really 100% hacker safe, it's just how smart you play it


[1 Points] abu7:

We need more people like you, most of all, people who can answer your questions! Only then would we be able to create onion sites.


[1 Points] Thx002:

to sell just use shopify with bitcoin wallet lol make account with fullz lol


[1 Points] AurealisUK:

If you have to ask you absolutely 100% should not attempt it.

You might as well ask "How do I safely remove my own appendix?". It is possible, and it's been done before, but you're not going to be able to figure it out from reading some posts online.


[1 Points] AurealisUK:

If you're actually interested in freedom on the internet and not just looking to make a quick buck, take a look at my proposal over here: https://www.reddit.com/r/DarkNetMarkets/comments/75yxsh/time_for_an_open_source_dnm/


[1 Points] dnmdrugsuk:

Very good netsec, pen testing, server administration, PHP (I imagine), networking, tor, cryptography, bitcoin, money laundering. Working in IT or being good with computers does not mean you can start a market.

Apparently you can use WordPress for smaller vendor sites/onions, but you will still need to know your PHP and understand and verify everything you are putting on there is safe.