You could use Whonix as well. (Not supported or created by the Tor Project) https://whonix.org/
There is still opportunity for info leakage, so its best to not store identifying info inside the workstation if you are running a hidden service.
You can also set Tor-level cookie authentication if your service is private. See the Tor manual for that. On Jul 4, 2016 7:00 AM, tor-onions-request@lists.torproject.org wrote:
Send tor-onions mailing list submissions to tor-onions@lists.torproject.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions or, via email, send a message with subject or body 'help' to tor-onions-request@lists.torproject.org
You can reach the person managing the list at tor-onions-owner@lists.torproject.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-onions digest..."
Today's Topics:
1. Re: Hidden Service IP Addresses (ncl@cock.li)
----------------------------------------------------------------------
Message: 1 Date: Sun, 3 Jul 2016 19:47:28 +0000 From: "ncl@cock.li" ncl@cock.li To: tor-onions@lists.torproject.org Subject: Re: [tor-onions] Hidden Service IP Addresses Message-ID: 57796BD0.6000002@cock.li Content-Type: text/plain; charset=utf-8
Flipchan:
Most Common is that an attacker gets root access or finds an rce bug on ur system and useage that to login to ur sys and by that gettin the ip,u can ofc run the site with a usr account and proxy all connections through tor with ip tables
What
------------------------------
Subject: Digest Footer
_______________________________________________ tor-onions mailing list tor-onions@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
------------------------------
End of tor-onions Digest, Vol 7, Issue 2 ****************************************