Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal’s entire database. This happened earlier this month, on March 10, at around 03:30 am UTC, according to a message posted on DH’s now-defunct portal by Daniel Winzen, the German software developer behind the service.
Hacker deleted all sites
Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen’s database account and created a new one to use for future operations. Winzen discovered the hack the next morning, at which time most of the data was already lost. The service doesn’t keep backups by design. In an email to ZDNet today, Winzen said he has yet to find out how the hacker breached the DH backend. However, since the dark web hosting service was more of a hobby, Winzen didn’t look too much into it. “I am currently very busy with my day-to-day life and other projects, I decided to not spend too much time investigating,” he told ZDNet. Winzen did point out that the hack only impacted the DH backend database account, but not the accounts of users who had been hosting sites on the DH hosting platform. However, Winzen said that users should consider the passwords for their DH accounts as “leaked” and change them if they used the same password for other accounts.
Site to remain down for the foreseeable future
For the foreseeable future, Winzen says that Daniel’s Hosting dark web hosting service will remain down. “This is a free-time project I do next to my full-time job, and it’s very time consuming to try and keep the server clean from illegal and scammy sites,” Winzen said. “I spend 10 times more time on deleting accounts than I can find time to continue development,” he added. “At this time I do not plan on continuing the hosting project.” Winzen says that users who need free hosting for dark web portals can use other similar hosting providers like Freedom Hosting Reloaded, Ablative Hosting, OneHost or IBHost . “I’m still planning on relaunching the service at a later time with new features and improvements,” Winzen told ZDNet. “Not having to administrate the services all the time will hopefully give me more time for actual development. However, it may take months before I’m ready to relaunch.”
Second hack
The Daniel’s Hosting service was previously hacked in November 2018, when a hacker similarly breached the site’s backend database server and deleted all sites. More than 6,500 were wiped at the time. Daniel’s Hosting became the largest web hosting provider for dark web services after the Anonymous hacker collective breached and took down Freedom Hosting II, another popular dark web hosting provider. In 2017, Anonymous said it took down Freedom Hosting II after they discovered that the hosting provider was sheltering child abuse portals. Daniel’s Hosting has escaped such accusations across the years through an aggressive moderation policy, which, although not perfect, helped Winzen discover and take down abusive sites hosted on his service.