One of the largest hosting services for the ‘Dark Web’ Tor network has had its entire roster of more than 6,500 sites erased in a hack attack, the service has confirmed.

Daniel’s Hosting, operated by German Daniel Winzen, hosted a wide variety of Onion websites, which operate on the Tor, or The Onion Router, network.

Tor is designed to protect the anonymity of web users, and the services on Daniel’s Hosting ranged from fan fiction to malware, web marketplaces and drop sites for whistleblowers.

The wide range of sites may mean an equally diverse selection of possible culprits.

Unknown attackers

As yet Winzen said he has not determined the source of the attack or how it was carried out.

He said an unknown user logged into the hosting server on Thursday, 15 November and deleted all accounts.

“There is no way to recover from this breach, all data is gone,” Winzen wrote in a message on the service’s main portal.

He said he is planning to re-enable the hosting service once the vulnerability has been found and patched, possibly next month.

Winzen’s service is thought to be one of the largest on the Tor network, if not the largest.

It took over the top spot after the previous largest provider, Freedom Hosting II, was taken offline by the Anonymous hacker collective in February of last year.

Thus far there has been no indication that Anonymous was behind last week’s attack.

Zero-day bug

Winzen said he had identified a flaw in the service’s underlying code related to a newly discovered and as-yet unpatched PHP flaw.

The flaw came to wider notice last Wednesday, a day before Daniel’s Hosting was taken offline.

But Winzen said the way the service was configured shouldn’t have allowed that flaw to have such a broad effect. As such, he said, he isn’t convinced the PHP flaw was the primary vulnerability used in the attack.

“Commands run by this vulnerability shouldn’t have had the necessary permissions,” he told ZDNet.

He said the attack could be an opportunity to “improve some bad design choices of the past and start with an all new and improved setup”.

In the past, Tor has become known for its use by websites selling contraband ranging from illegal drugs to firearms, with the Silk Road marketplace being the most famous example.

Silk Road was shut down by the FBI in 2013, and its alleged operator, Ross Ulbricht, was later sentenced to life in prison.