1 min readOct 25, 2017
Listening to “localhost” is kinda-okay because it is better than the threat as-described; however it opens up whole new vistas of threats associated with web software (especially Apache-related) which “trusts” localhost.
See this thread for details: https://twitter.com/AlecMuffett/status/922924914893398017
See this article for explanation:
See this Github document for how to avoid this problem:
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md