Thousands of Darknet Websites Went Down Following Hosting Provider Hack

By Bill Toulas / March 26, 2020

“Daniel’s Hosting” (DH) got hacked again, and the 7,600 darknet websites that it was serving went offline. According to a ZDNet report, the attackers managed to delete the entire database of the web hosting provider on March 10, 2020, rendering the portal essentially defunct. The owner of DH, Daniel Winzen, has stated that the attacker deleted everything and created a new account on the platform's database, to use for future operations. There is no chance of restoring the websites from a backup, as DH wasn’t keeping any backups.

Winzen is not even interested in investigating exactly how the hacker managed to breach the DH backend, as he is very busy working on other projects, so essentially, this is the end of “Daniel’s Hosting.” As for where this leaves the hosting platform's users, they can consider their account passwords leaked now, but otherwise, they have not been compromised by the incident. Those who would like to see their websites back online will have to seek a new hosting platform. Winzen doesn’t feel like continuing DH, as the project was already more time-consuming than he would have liked.

Back in November 2018, we reported a similar incident that had affected 6,500 websites at the time. In that hack, the attacker managed to delete the server’s root account as well as all database entries. However, Winzen had assured the darknet community that he would bring the hosting service back up once the PHP vulnerability was fixed. This incident was a big blow, as DH had taken on a pivotal role in the darknet after “Freedom Hosting” was discontinued, also due to a catastrophic attack. The question that arises is, who is behind these data-wiping hacks?

While we can’t answer this question with certainty, we can speculate about the possible origins of these attacks. DH was not accepting just any website that needed hosting services. Anything having to do with child abuse, selling drugs, guns, featuring violence, etc., was forbidden or ousted if discovered along the way. That said, one possibility is that the attacker could be a user who wanted to take revenge for a DH suspension. Another potential source of these attacks could be the authorities. Some officials in Germany want to outlaw the dark web, so portals like DH play a key role in their minds. Targeting DH results in the takedown of thousands of dark web sites, hence causing real disruption.
