Tor hidden service operators: your default Apache install is probably vulnerable (opens in new tab)

Riseup also has a comprehensive guide on setting up a secure hidden service: https://help.riseup.net/en/security/network-security/tor/oni...