Onion (née hidden) services are easily hosted from any computer, even behind a NAT/ISP due to how it publishes its descriptor and relies on reachable relays for rendezvous. It's easy with the Tor executable and a torrc file, there are plenty of guides out there.
Even though you're new to all this, for others wanting to do this programmatically, there is Stem for Python and I've written one for Go [0]. It's such an easy self-hosting NAT traversal technique, I'm surprised it's not used more often in situations not requiring great bandwidth/latency (e.g. p2p chat).
However, Tor is vulnerable to traffic analysis. And running a server, adversaries can easily modulate/fingerprint the traffic, which facilitates traffic analysis. If you can see the signal, and have taps on major AS, you can drill down to the server.
A way I would pinpoint a hidden server would be to monitor different data center regions / networks for outages or congestion, while at the same time looking at the hidden server's ping reply. The response times alone can reveal a lot of information. Once I have the data center, I'm sure the data center admins can see which servers are using Tor, and help with pinpointing it further. No need for taps.
One can route Tor traffic for .onion servers through VPNs, or even through nested VPN chains. That makes it a little harder, because the hosting provider can't easily tell that it's Tor traffic. Also, one can run a private obfsproxy, which isn't listed or indexed by Tor.
To be more picky, it's the SHA-1 hash of the public key, truncated to 10 bytes, then base 32'd which makes 16 chars. That's only for v2, v3 is a bit different.
And yes, v3 is a huge space. That is, several orders of magnitude larger than the IPv6 space. Which is itself humongous.
Edit: Oops. Got that very wrong. Onion v3 is orders of magnitude greater than IPv6 /64. But orders of magnitude less than IPv6 overall. It's like this, I think.
onion v2: ~1.84×10^19 [16^16]
IPv6 /64: ~1.84×10^19 (which is why OnionCat works)
For anyone curious, v3 is the 32-byte ed25519 pub key, then the first two bytes of the SHA3-256 hash of the key (w/ prepended fixed string and one byte appended), then one more const byte, and then all of those 35 bytes are base 32'd to make 56 chars. Some Go code to illustrate: https://github.com/cretz/bine/blob/f33268f0843a1b2b131a4cacf.... One benefit being that the entire pub key is right there in the hostname.
In normal Tor usage, the client sends a request through three chosen hops, each of which only knows the previous and next hops, so the entry node doesn't know the destination and the exit node doesn't know where the request originated. But this only hides the client, because the client needs to know the server's address to direct the exit node where to send the request. So to hide the server, there is a symmetrical setup with three extra hops on the server's side, and a published "rendezvous" address in the middle. So the server connects to the rendezvous without revealing its real IP, and the client can direct requests to the rendezvous without knowing the server's IP.
If I'm reading this right, it actually hosted the websites but its IP address was hidden. I don't know if each site maybe got its own IP on the host, because after all I'd think it would be trivial for a customer to upload some code to unmask the host's actual IP. https://web.archive.org/web/20170830191551/https://hosting.d...
No, by "hosting" they mean shared hosting, with multiple .onion sites on one physical server.
Each of those .onion sites would have its own Tor entry guard relays, and would negotiate its own rendezvous points. An .onion service, just like a Tor user, selects a few entry guards that it uses consistently. And gradually replaces with new ones, over some weeks. But rendezvous points get picked fresh for each client-server connection.
Only if you're omniscient in the network. No single node knows what traffic it's carrying, or that the next node the traffic is meant to be sent to is the final one.
Even though you're new to all this, for others wanting to do this programmatically, there is Stem for Python and I've written one for Go [0]. It's such an easy self-hosting NAT traversal technique, I'm surprised it's not used more often in situations not requiring great bandwidth/latency (e.g. p2p chat).
0 - https://github.com/cretz/bine