Largest Dark Web hosting service provider hacked, over 6,500 sites down

Share this Story:

Daniel’s Hosting, one of the largest providers of Dark Web hosting services, was hacked this week and thousands of sites taken down, Cyclone Learned.

According to, the hack took place on November 15th around 10:06 PM UTC when the hosting server was logged in to via phpmyadmin and adminer with the correct hosting management password and deleted all accounts.

Danwinzen said the server’s root account was also deleted, affecting over 6500 dark web services hosted on the platform to go disappear.

After the anonymous deletion of the root account, the remaining databases from the chat, link list and hit counter got deleted. He added.

“Unfortunately, all data is lost and per design, there are no backups,” Winzen told ZDNet in an email today. “I will bring my hosting back up once the vulnerability has been identified and fixed.”

He is also finding it hard to figure out the main root cause of the hack by log analysis as he believes that by 14th at 5:33 the database had already been accessed with this user.

Winzen confirmed that that the hacker has only been able to gain administrative database rights. There is no indication of having had full system access and some accounts and files that were not part of the hosting setup were left untouched

According to the ZDNET, for the past two days, Winzen has been doing just that, looking at possible vulnerabilities that the hacker might have exploited to gain access to his server.

“There is no way to recover from this breach, all data is gone. I will re-enable the service once the vulnerability has been found, but right now I first need to find it. Most likely in December the service will be back up.”

After the Anonymous hacker collective breached and took down Freedom Hosting II, another popular Dark Web hosting provider, in February 2017, Daniel’s Hosting became the largest and most popular hosting provider for Dark Web services.

The service has been used to host everything from malware operations to political blogs, and the list of suspects who might have been interested in hacking DH ranges accordingly, from rival cybercrime gangs to nation-state hackers looking to track down dissidents and political activists. ZDNET noted.

Popular sources believe the scripts being open source on github, anyone is welcome to take it up and rely on it to build a new hosting service or help find the vulnerability – which might have caused the breach.

He has confirmed that the chat has been restored with a fresh installation and other services will be back up soon and expects to get the hosting back up in December.

3,685 total views, 1 views today

Leave a Reply

Your e-mail address will not be published. Required fields are marked *