Blackout for thousands of dark web pages
Hackers have deleted more than 6,500 sites being held on a popular dark web server.
Called Daniel’s Hosting, the site was sitting on the hidden Tor network and many people used it to host pages they did not want to publish on the wider web.
Administrator Daniel Winzen said no back-ups were kept of the pages it hosted.
He said the site should be back in service in December.
“Around 6,500 hidden services were hosted on the server,” wrote Mr Winzen in a message put on the welcome page of the web companion to the site.
“There is no way to recover from this breach, all data is gone.”
Tor, or The Onion Router, is a way of organising web-like pages so it is hard to work out where the information is located and who is running them.
Web pages sited on the Tor network get a .onion suffix.
The Tor browser also lets people browse the web in a way that conceals their location and obscures their identity.
Daniel’s Hosting became one of the most popular sites for .onion site owners after the previously biggest host went offline in early 2017.
Daniel’s hosted a very wide variety of material including fan fiction, political tracts, philosophy books, porn, hacked files, videos, web marketplaces, crypto-cash forums and places where whistleblowers could leave documents.
Mr Winzen told the BBC that he was still trying to work out how hackers had accessed the site on 15 November, when all the data was deleted.
“As of now, I haven’t found the vulnerability,” he said.
The prime candidate is a newly discovered vulnerability in PHP – a computer scripting language used for website development – that was being circulated in some hacker circles shortly before Danwin was attacked.
However, Mr Winzen told ZDNet that he was not sure that this was the route the hackers took to gain access.
When the site returns, he said he would take the chance to change “some bad design choices of the past” and improve how it runs.
It is also not clear who broke into Daniel’s Hosting or why the data was deleted.
The Anonymous hacking collective has been behind takedowns of other dark web hosts but, so far, there is no sign of that group’s involvement in this attack.