help for building online shop
- Thread starter calmtree
- Start date
If you are not an expert in web development, it is best to post ads on DNM.
If you intend to set up your own store, it's worth asking reliable experts for help.
There is an option to use ready-made open-source solutions.
Example: https://btcpayserver.org
If you intend to set up your own store, it's worth asking reliable experts for help.
There is an option to use ready-made open-source solutions.
Example: https://btcpayserver.org
Last edited by a moderator:
What does DNM mean?
First I wouldnt use PHP generally for tasks like this. There is a reason why financial institutions use Java. Without going too much into detail: Generally speaking Java offers pseudo strong typing which makes mistakes easier to detect hence fix hence more security because everything works as it should. PHP is more "hacky" because you can do pretty nasty stuff (eg. anonymous function with other functions, generated out of the fly and everything works magically well). PHP is safe in general and if you do clean code it shouldn't be a problem.
But wordpress is the perfect framework not to use on it. Its big and a target of so many hackers. Depending on the plugins you use you can create security holes. And sadly most wordpress pages require JavaScript.
You should have javascript on if you are just a customer. In fact the official TOR developer team recommends having JavaScript on because having it off makes it easy to fingerprint you and follow you (one out of 100 tor connections has javascript turned off or something like that).
Keep in mind that most de-anonymizing hacks were executed through JavaScript (eg. WebRTC calls). If you are a vendor then you should have it turned off.
But anyway PHP (by itself, natively) and Java (via Frameworks) offer great ways to deal with classic websites (session handling, so a no js website can feel like a normal website).
This forum here for example is great in offering a gate to both worlds. Some things are hard to realize without JS (for example the spoiler needs JS but there are hacky ways to make it work with only CSS).
Wordpress is written in PHP. Its originally an "article management system" where you can work on a blog and publish it on certain dates, with comment. Much like a lot of newspapers work.
Anyway with the certain plugins such as woocomerce you can make it to a shop. But because wordpress is so frequently used its usually a target by many hackers. But otherwise I would say it _should_ be safe.
The only bad thing is that some people have javascript turned off so wordpress might not work for them. Because yes js is a thread for vendor I dont think the gov would play its card out (using a tor browser js engine vulnerability) for a random vendor but I guess they would use such things rather to catch pedophiles or terrorists because if their trick becomes public it will be fixed by the community (open source tor).
I would say Wordpress is fine even for a group of vendors sharing it except if you plan to create a new white house market then you should start worrying about not using js, have multiple hidden onion services (to support more users at once), captcha to throw bots away...
Hell a lot of people dont even realize how much security WHM had. For example they even checked if your request came from a real browser implementation, it took me a long time to realize how they made it:
What I did was resending all request to their server and responding it back. You can use this to represent a complete original site but the only factor you change is the btc deposit address... Its basically a man in the middle. No I never used this to phish anyone, reasearch only. First I used a simple JAVA server which was only redirecting the query to the original server. This didnt work and I had no clue why. When I tried the same with nginx it worked fine. Then I found out how they did it... They checked if the headers started upper case as per definition. Most implementations had lowercase header names. But the tor browser and most browser used "upper case" names eg. "content-type" vs "Content-Type". So I used python raw socket to and build my own http fucking reuqests! And it worked like a charm.
For example Dread has no such protection so you could easy write a phishing site for Dread.
As you see there is much more shit going behind the scenes regarding security but even if you sell about 20'000$/day I wouldnt worry much. So just go nuts and use wordpress but let a professional set it up for you.
Anyway with the certain plugins such as woocomerce you can make it to a shop. But because wordpress is so frequently used its usually a target by many hackers. But otherwise I would say it _should_ be safe.
The only bad thing is that some people have javascript turned off so wordpress might not work for them. Because yes js is a thread for vendor I dont think the gov would play its card out (using a tor browser js engine vulnerability) for a random vendor but I guess they would use such things rather to catch pedophiles or terrorists because if their trick becomes public it will be fixed by the community (open source tor).
I would say Wordpress is fine even for a group of vendors sharing it except if you plan to create a new white house market then you should start worrying about not using js, have multiple hidden onion services (to support more users at once), captcha to throw bots away...
Hell a lot of people dont even realize how much security WHM had. For example they even checked if your request came from a real browser implementation, it took me a long time to realize how they made it:
What I did was resending all request to their server and responding it back. You can use this to represent a complete original site but the only factor you change is the btc deposit address... Its basically a man in the middle. No I never used this to phish anyone, reasearch only. First I used a simple JAVA server which was only redirecting the query to the original server. This didnt work and I had no clue why. When I tried the same with nginx it worked fine. Then I found out how they did it... They checked if the headers started upper case as per definition. Most implementations had lowercase header names. But the tor browser and most browser used "upper case" names eg. "content-type" vs "Content-Type". So I used python raw socket to and build my own http fucking reuqests! And it worked like a charm.
For example Dread has no such protection so you could easy write a phishing site for Dread.
As you see there is much more shit going behind the scenes regarding security but even if you sell about 20'000$/day I wouldnt worry much. So just go nuts and use wordpress but let a professional set it up for you.
If you are just starting then just create a simple html page presenting your products.
Share you email, wickr whatever you use for contact. I guess this should be fine for the begining you dont need a full automatic shop, there is so much shit for a good working shop to be done eg. check crypto price to dollar is already a "complicated" task (do you use daily prices? if so how do you calculate them like 10% + etc. pp.
Much easier if you don't have a lot of customers to do it manually anyway. The only thing you should worry then is a way to get instantly notified when a customer writes to you (eg. with wickr no problem).
Btw. I wouldnt use wickr because it belongs to amazon, its closed source and no transparancy and pretty sure the feds will soon clean the shit out of there which will lead to massive arrests world wide.
Just use everytime fucking pgp! Its not that hard doing it manually. If you still want to have the conformt of wickr but being safe then I can safely suggest wire.com its open source on github. Dont forget the connection isnt safe so you still need to run it over tor or a not logging vpn + shadow socks. I wouldnt download it from anywhre (eg. Play Store) but build it from source code. The source code is safe and even if the servers were compromised all the communication is automatically encrypted (you dont see anything of it like in wickr) so the server would just see encrypted messages. This is the only true messenger out there which allows you to build it from source code without the need to host server as well.
Share you email, wickr whatever you use for contact. I guess this should be fine for the begining you dont need a full automatic shop, there is so much shit for a good working shop to be done eg. check crypto price to dollar is already a "complicated" task (do you use daily prices? if so how do you calculate them like 10% + etc. pp.
Much easier if you don't have a lot of customers to do it manually anyway. The only thing you should worry then is a way to get instantly notified when a customer writes to you (eg. with wickr no problem).
Btw. I wouldnt use wickr because it belongs to amazon, its closed source and no transparancy and pretty sure the feds will soon clean the shit out of there which will lead to massive arrests world wide.
Just use everytime fucking pgp! Its not that hard doing it manually. If you still want to have the conformt of wickr but being safe then I can safely suggest wire.com its open source on github. Dont forget the connection isnt safe so you still need to run it over tor or a not logging vpn + shadow socks. I wouldnt download it from anywhre (eg. Play Store) but build it from source code. The source code is safe and even if the servers were compromised all the communication is automatically encrypted (you dont see anything of it like in wickr) so the server would just see encrypted messages. This is the only true messenger out there which allows you to build it from source code without the need to host server as well.
If you are just selling weed just open a vendor account on Cannahome or Cannazone market or one of other markets.It isnt worth it for weed.Research chemical shops do well tho.Also if you have large quantites of high quality weed an are in the EU i might be interested pm me.
I can make u an entire shop for what you need. Monero only, secured WordPress, DDoS protection included. As many listings as you like, pictures, dark theme. You don't have to pay almost anything upfront, you will pay if you're satisfied with the shop. Hit me up if it sounds aight.