Published on September 7th, 2018
Many misconfigured Tor sites expose the public IP address via SSL certificates
A security researcher discovered that many misconfigured Tor sites using SSL certificates could expose the public IP addresses of the underlying servers.
Properly configured servers hosting hidden services must listen only on localhost (127.0.0.1), not on any public IP address.
“The way these guys are messing up is that they have their local Apache or Nginx server listening on any (* or 0.0.0.0) IP address, which means Tor connections will work obviously, but also external connections will as well,”
Klijnsma explained to BleepingComputer. “This is especially true if they don’t use a firewall. These servers should be configured to only listen on 127.0.0.1.”
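As an added example (not from the original article or the researcher), the following Python check scans nginx `listen` and Apache `Listen` directives and reports any that are not bound to loopback. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

LISTEN_RE = re.compile(r"^\s*listen\s+([^\s;]+)", re.IGNORECASE)  # nginx listen / Apache Listen

# Constructed sample mixing nginx and Apache syntax for brevity.
SAMPLE = """\
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 127.0.0.1:8080;
    listen [::1]:8080;
}
Listen 0.0.0.0:80
Listen 127.0.0.1:8081
"""

def bind_host(target):
    """Return the address a listen target binds to ("*" means every address)."""
    if target.startswith("unix:"):
        return "unix"
    if target.startswith("["):              # [::1]:8080 or [::]:443
        return target[1:target.index("]")]
    if target.isdigit():                    # bare port, e.g. "listen 443"
        return "*"
    host, _, _port = target.rpartition(":")
    return host or target                   # address given without a port

def is_loopback_only(target):
    """True only for unix sockets, localhost, and 127.0.0.0/8 or ::1 addresses."""
    try:
        host = bind_host(target)
        return host in ("unix", "localhost") or ipaddress.ip_address(host).is_loopback
    except ValueError:                      # "*", malformed target, or other hostname
        return False

def audit(config_text):
    """Return (line_number, target) for each listen directive not bound to loopback."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = LISTEN_RE.match(line.split("#", 1)[0])
        if match and not is_loopback_only(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

if __name__ == "__main__":
    for number, target in audit(SAMPLE):
        print(f"line {number}: listen {target} is not restricted to loopback")
```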