Page 1 of 1
Banned IPs from the TOR network
Posted: Tue Aug 13, 2013 2:30 pm
by Tichy
I noticed that the forum bans some TOR (
https://en.wikipedia.org/wiki/Tor_(anonymity_network) ) exit nodes IPs. This is quite annoying for Tor users and, i think, not very useful for forum security, since the Tor client changes, by default, his exit nodes every 10 minutes.
The result is that even if a Tor ip is banned, an abuser have just to wait to have another exit IP, or force the change... but as a normal user, being forced to wait for his tor client to build another circuit or, restart it to force it, is an annoyace.
Is it possible to unban those Tor IPs?
Re: Banned IPs from the TOR network
Posted: Tue Aug 13, 2013 2:58 pm
by Disembodied
There was a problem like this a while back with
some Russian IPs: they were being blocked by Aegidian's provider, and not from within the forum. Generally an IP doesn't get banned unless it's the source of a lot - several hundred, usually, as a minimum - of recent spam attacks, as logged on SFS. If you give me some example IP addresses, I can check them out and see if (and possibly why) they are banned.
Re: Banned IPs from the TOR network
Posted: Tue Aug 13, 2013 3:17 pm
by Tichy
Ok. Let's try.
The next occasions I'll get the "Banned from the forum" page, I'll check and post the IP.
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 10:50 am
by Tichy
Here's one.
IP: 74.120.15.150
FQDN: raskin.torservers.net
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 11:13 am
by Disembodied
Tichy wrote:Here's one.
IP: 74.120.15.150
FQDN: raskin.torservers.net
That's on the forum ban list ... if you check that IP on
Stop Forum Spam, though, you'll see that there's a good reason why: 1,000 hits (which is where SFS stops counting).
Project Honeypot has it as an active source of forum spam, too, dating back several years. I'm not wild about the idea of unbanning it, to be honest.
Even if I did unban it, the next time we received a spambot attempt from that IP, whichever Assassin deleted it would be likely to IP ban it again, because of its rating. We don't (or I don't anyway) check who owns the IPs being blocked: all I look at is their nature. If they're prolific spam pumps, like this one, then I'll ban them.
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 11:39 am
by Tichy
I completely agree. A also checked two other banned IPs, and they appear in the Stop Forum Spam list (ironically, even SFS doesn't accept connections from the tor network...).
They are: 212.63.218.1 (tor01.spacedump.net) and 171.25.193.20 (tor-exit0-readme.dfri.se).
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 11:46 am
by Disembodied
The really aggravating thing is that, from a look at the email address variants being used, all these bots are probably the work of one person. Is it wrong to hope that he falls under a bus?
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 11:59 am
by Cody
Disembodied wrote:Generally an IP doesn't get banned unless it's the source of a lot - several hundred, usually, as a minimum - of recent spam attacks, as logged on SFS.
I'd just like to emphasise this point - we don't ban IPs just for the hell of it!
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 12:09 pm
by Tichy
Disembodied wrote:The really aggravating thing is that, from a look at the email address variants being used, all these bots are probably the work of one person. Is it wrong to hope that he falls under a bus?
As long as it's a vesa local bus...
Cody wrote:I'd just like to emphasise this point - we don't ban IPs just for the hell of it!
I thought that they were IPs from abusive users or taken from some public black lists.
Anyway, I found a way to exclude these exit nodes from my tor configuration.
In your torrc file (in gnu-linux /etc/tor/torrc)
ExcludeNodes node,node,...
A list of identity fingerprints, nicknames, country codes and address patterns of nodes to avoid when
building a circuit. (Example: ExcludeNodes SlowServer, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc},
255.254.0.0/8)
By default, this option is treated as a preference that Tor is allowed to override in order to keep
working. For example, if you try to connect to a hidden service, but you have excluded all of the hidden
service’s introduction points, Tor will connect to one of them anyway. If you do not want this behavior,
set the StrictNodes option (documented below).
Note also that if you are a relay, this (and the other node selection options below) only affects your
own circuits that Tor builds for you. Clients can still build circuits through you to any node.
Controllers can tell Tor to build circuits through any node.
ExcludeExitNodes node,node,...
A list of identity fingerprints, nicknames, country codes and address patterns of nodes to never use when
picking an exit node---that is, a node that delivers traffic for you outside the Tor network. Note that
any node listed in ExcludeNodes is automatically considered to be part of this list too. See also the
caveats on the "ExitNodes" option below.
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 12:58 pm
by Disembodied
Tichy wrote:As long as it's a vesa local bus...
They can be quite jaggy, but I was hoping for something significantly heavier ... just one of the problems of increasing miniaturisation, I suppose. Glad you've found a workaround, though!
Re: Banned IPs from the TOR network
Posted: Thu Aug 15, 2013 1:08 pm
by Tichy
Just because it could be useful to other users, this is a snippet of my torrc file:
Code: Select all
ExcludeExitNodes raskin,DFRI0,212.63.218.1
ExcludeNodes {US},{GB},{IT},{IL}
(without spaces after the commas)
The country codes are from countries that I know that censors the net or track their users (we all know enough about the DataGate scandal
).
Anyway, that settings are not imperatives. Tor will use those nodes if he's unable to find another path. To be more strict, you should add that option:
StrictNodes 1
To check the exit IP, one could use
vidalia.
...That also have a nice world map to make you feel like you are playing "War Games"