Website Monitoring of Tor Onion Services [closed]

Solution 1:

I don't know of any uptime SaaS providers that support monitoring websites on their onion service endpoints.

cron

Until that day comes (as it's hard to think of a reason why any admins shouldn't make their websites accessible at a .onion address--which benefits the privacy of their visitors), a simple solution is just to spin up a small micro sever (such as the "always free" server in google's cloud) that does a simple curl over tor every 1 minute and sends an email alert if curl exits non-zero.

For example, if you want to monitor torproject.org's onion service (qrmfuxwgyzk5jdjz.onion):

user@disp9739:~$ curl -IL --socks5-hostname 127.0.0.1:9050 http://qrmfuxwgyzk5jdjz.onion/
HTTP/1.1 200 OK
Date: Fri, 13 Nov 2020 15:16:44 GMT
Server: Apache
Content-Location: index.html.en
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-Xss-Protection: 1
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';
Last-Modified: Fri, 13 Nov 2020 15:12:24 GMT
ETag: "3cec-5b3fe74ab4600"
Accept-Ranges: bytes
Content-Length: 15596
Cache-Control: max-age=3600
Expires: Fri, 13 Nov 2020 16:16:44 GMT
Content-Type: text/html
Content-Language: en

user@disp9739:~$ 

If you're running debian, then you can execute the following commands to create a simple cron job that will monitor your website:

sudo apt-get install tor curl mailutils
cat > /etc/cron.d/tor-hidden-service-monitoring <<'EOF'
* * * * * root url='http://qrmfuxwgyzk5jdjz.onion/'; curl -IL --socks5-hostname 127.0.0.1:9050 "${url}" || echo "Unable to access ${url}" | mail -s "ALERT: hidden service inaccessible" [email protected]
EOF

The above commands will install tor, curl, and the mail command and create a simple cron job that will attempt to access http://qrmfuxwgyzk5jdjz.onion/ every 1 minute and email [email protected] if it fails.

mon

To reduce false-positive email alerts, you could use mon to only trigger an alert after multiple consecutive queries fail.

sudo apt-get install tor torsocks mon

cat > /usr/lib/mon/mon.d/torsocks_http.monitor <<'EOF'
#!/bin/bash
################################################################################
# File:    torsocks_http.monitor
# Version: 0.1
# Purpose: Wraps the http.monitor script with torsocks to monitor .onion sites
#  https://tech.michaelaltfield.net/monitoring-tor-onion-websites-uptime-alerts
# Authors: Michael Altfield <[email protected]>
# Created: 2021-03-12
# Updated: 2021-03-12
################################################################################
 
export DIR_PATH=`dirname ${0}`
exec /usr/bin/torsocks --isolate ${DIR_PATH}/http.monitor -t 60 "$@"
 
EOF

hostgroup torproject_onion qrmfuxwgyzk5jdjz.onion
 
watch torproject_onion
        service http
                interval 5m
                monitor torsocks_http.monitor
                period 
                        alertafter 10
                        alertevery 1h strict
                        alert mail.alert [email protected]
                        upalert mail.alert [email protected]

systemctl restart mon.service

Tor2Web

Finally, you can also use Tor2Web to create a clearnet proxy to your .onion site, then point your existing uptime monitoring IaaS tool at it.

• https://github.com/tor2web/Tor2web

Source

The above solutions were originally published in the following article titled Monitoring Tor .onion Websites (uptime alerts)

• https://tech.michaelaltfield.net/2021/03/12/monitoring-tor-onion-websites-uptime-alerts/