6,500 Darknet Sites down After Hosting Service Gets Hacked

Published on:
Blackhat hacker trying to do a cyberattack.
Daniel’s Hosting, a top darknet hosting service provider, has been hacked—bringing down thousands of darknet sites with it.

The users of the dark web have a lot fewer sites to visit. Hackers recently took control of about 6,500 darknet sites.

These attackers targeted Daniel’s Hosting, which is a top dark web host.

The hackers intended to access the hosting service and control it before deleting all its sites. They used Adminer and PHPMyAdmin to access the service.

Daniel’s Hosting

Daniel Winzen came up with the hosting service in 2013. His objective was to provide a private space for users to conduct legitimate business, unlike other sites on the dark web that can play the role of crime hubs.

Winzen’s service offered free accounts to users to reach dark web onion sites.

In 2017, Daniel’s Hosting became the largest dark web hosting services following the attack on Freedom Hosting II, the then leading darknet hosting service.

Your TOR usage is being watched

Anonymous hackers breached the service and took down 10,000 sites with it.

This hosting service, however, was infamous for the unlawful activities it hosted, including child exploitation sites.

The Attack

After the attack was mounted on Daniel’s Hosting earlier this month, Winzen focused on assessing the server to find the loopholes that may have made the hack possible.

He was hoping to restart the hosting service after dealing with its vulnerability.

Winzen discovered that Daniel’s Hosting had a PHP zero-day loophole.

Russian PHP programmers were aware of this problem a month before the hack. Besides, this information also spread to other infosec and programming groups one day before the hackers breached the service.

Hacker with white mask.
Hackers recently took control of about 6,500 darknet sites. These attackers targeted Daniel’s Hosting, which is a top dark web host.

Additionally, Daniel’s Hosting availed its source code on GitHub. Therefore, the code was accessible to potential attackers to evaluate its loopholes.

Although it seems obvious that the hackers attacked Daniel’s Hosting using the PHP zero-day loophole, Winzen still has some reservations about that assumption.

He states that it would have been difficult for the attackers to use this weakness.

Winzen had set up all the configuration files containing details for accessing databases as read-only.

The hackers could not have had the permissions they needed to access the server using the vulnerability. Winzen, therefore, is still looking for other weaknesses that the hosting service may have had.

Winzen, however, reports that there is still some content that the hackers may not have accessed.

He states that the hackers seem to have only gained administrative database access rights. Some of Daniel’s Hosting’s files and accounts were separate from the hosting setup.

The remaining contents of the hosting service give Winzen a chance to restart the hosting service.

However, it may not be possible to recover what the sites contained. Unfortunately, due to the high level of privacy that the dark web upholds, there is no backup for the sites.

There are several suspects of the attack. The perpetrators may have been law enforcement and intelligence agencies, cybercrime groups, political activists or other interested parties.

The Central Intelligence Agency is also part of the list of suspects. Each of these parties may have had a motive for the hack.

Why Hackers Have Been Targeting the Dark Web

Man typing on laptop.
The hackers intended to access the hosting service and control it before deleting all its sites. They used Adminer and PHPMyAdmin to access the service

Hackers have made more than one attempt to get rid of darknet sites. A more serious incident than the most recent one was that of Freedom Hosting II, as mentioned above.

Hackers often attempt to reduce the level of some of the more dark and nefarious activities that take place on the dark web.

For instance, Freedom Hosting II hosted child exploitation material in spite of its public declaration of zero-tolerance for the same.

The Anonymous hacker behind Freedom Hosting II’s takedown later specified that the attack was due to the hosting service’s misconduct.

In a more recent event, hackers launched an attack on Deep Hosting. The server had hundreds of sites on the dark web.

Instead of completely taking down the hosting service, the attackers only got rid of 91 of its websites. These sites provided platforms for the trade of stolen goods and drugs.

It is unclear, nonetheless, what exactly Daniel’s Hosting’s sites contained. Among the items it hosted, however, include political blogs and malware operations.

Although it is now impossible to determine the legitimacy of the hosting service after the hack, its availability on GitHub gives some proof that Daniel’s Hosting was transparent.

It would be unusual for a service hosting illegal activity to publicize its presence.

The motive for the attack on the hosting service remains a mystery as there is no explicit evidence tying Daniel’s Hosting to criminal activity.

Rival hosting services, however, may have perpetrated the attack, seeing how competitive the service was.

The dark has built its name as a platform for all sorts of private activity—lawful or not. Criminals have been using the dark web for such acts as the illicit sale and purchase of weapons and drugs, murder, child abuse and hate crimes.

It is, thus, difficult for darknet hosting services that only allow legitimate business to detach themselves from this reputation.


I am an analyst reporter with interest in current technology. Writing allows me to gain more knowledge and share it with others.
Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.