The webserver was a simple nanohttp hackup on the Oracle JVM, so I'll take some convincing Java has an RCE in its network stack, and they disguised it by spawning a process on the tor user after hacking the OS and covering that up sufficiently to leave no other evidence.
The only reason I spotted it was because I was checking for compromise by comparing any file/process changes every few weeks.
It was a few years ago; my guess back then was Tor is the honeypot. Given what happened recently with EncroChat, I wouldn't be surprised if a few years down the line it turns out it was.
Or maybe I misconfigured the server, or maybe the binary I used for Tor was compromised. It was as much a test for whether I could trust Tor as anything else, and it failed. Delete, move on.