Author Topic: Tor Blocker  (Read 157797 times)

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #20 on: February 17, 2011, 11:16:20 PM »
http://custom.simplemachines.org/mods/index.php?mod=2329 - a bit outdated but probably easy to update...

It might even work as is...
Nice ... Latest update:

[WIP] -> [ABANDONED]  :P
« Last Edit: February 18, 2011, 12:22:18 AM by Spuds »
"It is better to have tried and failed than to have failed to try, but the result's the same."
"Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties."

Offline talu

  • Newbie
  • *
  • Posts: 1
Re: Tor Blocker
« Reply #21 on: February 18, 2011, 04:22:11 AM »
I love the work you've done and was happy to see an approach like the one I had in mind, but wasn't able to do!

Does this mean you cancelled Tor Blocker and consider Proxy Blocker a better choice or do you symbolize Tor Blocker being ready for general use now? :)

Offline Arantor

  • SMF Legend
  • *
  • Posts: 51,014
    • wedgebook on Facebook
Re: Tor Blocker
« Reply #22 on: February 18, 2011, 10:07:55 AM »
That proxy blocker doesn't block the majority of the attacks coming from Tor; I took the Tor detection it uses and implemented it on arantor.org - but I suspect where I literally only took the Tor check at the end (rather than all the proxy tests) it wasn't enough.

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #23 on: February 18, 2011, 11:31:12 AM »
The part of that proxy blocker that addresses TOR uses the same tordnsel service as the one I posted. The only delta wrt TOR blocking is that the one I posted also uses the Tor Bulk Exit List as a backup ... so two loops for tor to jump through to get in.

Also the check condition on if it's a tor exit point or not is slightly different: I don't look for only 127.0.0.2, since the tordnsel says that other A records inside net 127/8, except 127.0.0.1, are reserved for future use and should be interpreted by clients as indicating an exit node, but I've been recording that output and it's been 127.0.0.2 fwiw.

I did not want to have all the other proxy checks that the full proxy blocker has since I do have users that utilize proxies that would get blocked. I suppose I will add those in with an admin panel so I can be selective but right now I've been tor free, the blocker logs still show the attempts about every 1-8 mins apart but none have made it past. But I don't have any plans to make any upgrades here as this has basically been flagged as a dupe of sorts.

Offline Astra_200

  • Jr. Member
  • **
  • Posts: 116
  • Gender: Male
Re: Tor Blocker
« Reply #24 on: February 18, 2011, 02:15:31 PM »
Ok, great work guys, but now I'm confused.

Just about to download and install Spuds' mod, now it seems there's a spanner in the works.

Tech talk aside that I don't really understand, what mod should I be using to deal with the current bot attacks?

Thanks.

Offline SN

  • Full Member
  • ***
  • Posts: 401
  • Gender: Male
  • » To Dare is To Do
    • SpursNetwork - Tottenham Hotspurs Fansite
Re: Tor Blocker
« Reply #25 on: February 18, 2011, 02:39:53 PM »
I just installed this, now I can't access my forum.

Every time I type my forum url in, it redirects me to this site http://tor.cybermirror.org/

What should I do?

Offline SN

  • Full Member
  • ***
  • Posts: 401
  • Gender: Male
  • » To Dare is To Do
    • SpursNetwork - Tottenham Hotspurs Fansite
Re: Tor Blocker
« Reply #26 on: February 18, 2011, 02:51:09 PM »
Damn, still can't access my forum. Can anybody explain to me how to uninstall this manually?

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,405
    • smfhacks on Facebook
    • @createaforum on Twitter
    • SMF For Free
Re: Tor Blocker
« Reply #27 on: February 18, 2011, 02:52:53 PM »
Upload mod to http://resourcez.biz/PackageParser/ then follow the uninstall edits.

Offline SN

  • Full Member
  • ***
  • Posts: 401
  • Gender: Male
  • » To Dare is To Do
    • SpursNetwork - Tottenham Hotspurs Fansite
Re: Tor Blocker
« Reply #28 on: February 18, 2011, 03:01:56 PM »
Quote
Upload mod to http://resourcez.biz/PackageParser/ then follow the uninstall edits.

Thanks vb.

Can access my forum again, now I uninstalled it.

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #29 on: February 18, 2011, 03:06:28 PM »
FTP to your site or go in with your control panel

open/edit index.php or if you are uncomfortable doing that upload it here and I'll fix it.

In index.php find

Code:
// MOD TorBlock ... See if this IP is a tor exit node and if so tell them to enjoy tor
require_once($sourcedir . '/TorBlock.php');
if ($user_info['is_guest'] && CheckIPforTor())
	redirectexit('http://tor.cybermirror.org/');

and delete it.  Save file and you will be fine.

You can also take the following code and save it as TorBlock.php and overwrite the one in your Sources directory. 

Code:
<?php
// Stub replacement: always reports "not a Tor exit", so the check never blocks anyone.
function CheckIPforTor()
{
	return false;
}
?>

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #30 on: February 18, 2011, 03:24:04 PM »
Quote
Ok, great work guys, but now I'm confused.

Just about to download and install Spuds' mod, now it seems there's a spanner in the works.

Tech talk aside that I don't really understand, what mod should I be using to deal with the current bot attacks?

Thanks.

I removed mine from this thread to avoid any confusion. The approved mod is the one that SlammedDime pointed to here: http://custom.simplemachines.org/mods/index.php?mod=2329

That mod should install fine by using the emulation mode in the package manager (if you are on 2.0) and if you are on 1.0 you will need to install the emulation mod for V1.1 first.

I have not installed this package myself so I can't comment on its effectiveness but it does some of what my mod was trying to do anyway. It also looks like it's a full proxy blocker and not just a tor blocker so IF you have users that come in via a proxy (some business and cell users for example) they might be blocked as well. Not sure there are configuration options in the admin panel to select what is on or not. Best thing to do is go to that mod thread http://www.simplemachines.org/community/index.php?topic=355152.0 and give it a read.

Offline Astra_200

  • Jr. Member
  • **
  • Posts: 116
  • Gender: Male
Re: Tor Blocker
« Reply #31 on: February 18, 2011, 03:47:08 PM »
Thanks Spuds.

It does appear to me that the Proxy Blocker mod will do far more than I need right now in relation to the current bot attack. I don't really want to block innocent people that don't even realise they are behind a proxy.

All I'm really interested in is taking a break from blocking tor IP's that just keep coming. I took the plunge and installed your block tor mod and deleted 100's of IP's from my htaccess and so far so good, (albeit 15 mins ago) EDIT: Now over 5 hours and not a password error to be seen :)

The mod installed fine on RC4, no errors, and I ran the scheduled task just in case.

This along with Arantor's valuable help should help protect my forum for a while, until the next time ::)

So thank you Spuds for your time and for sharing your mod and experience.

EDIT. I think you should leave the package up, gives people the choice then 8)
« Last Edit: February 18, 2011, 08:37:34 PM by Astra_200 »

Offline N. N.

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,317
  • Blue Wolf
Re: Tor Blocker
« Reply #32 on: February 18, 2011, 05:59:48 PM »
  Thanks Spuds! You saved us all. ;D   It works!  No more guest trying to log in!
  Bye bye botters! lol  This should now really be pre-installed with smf.

The thing is, the Tor service is not guilty for this... It's a proxy service with many uses, and it's being used at the moment by the network of malicious users, but that can end tomorrow for all we know. Unfortunately, yes, it is used heavily at the moment on a number of forums, and quick action like blocking it for now is obviously useful.

Thank you, Spuds, for working on this. Don't worry about being a duplicate of sorts, I did the same as you, LOL, and just worked on something similar. :D
In the situation out there, it's needed... and I can confirm from quite a number of forums I checked that it's needed for Tor only, at the moment.

ETA: 8 replies behind! Man, I'm slow. :D
« Last Edit: February 18, 2011, 06:04:04 PM by Norv »
To-do lists are for deferral. The more things you write down the later they're done… until you have 100s of lists of things you don't do.
File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github

Offline RustyBarnacle

  • Sr. Member
  • ****
  • Posts: 724
    • Saving Tallingroth
Re: Tor Blocker
« Reply #33 on: February 18, 2011, 06:13:28 PM »
Yeah I'd rather use your tor blocker mod if that's the proxy that is the problem and not block all of them if you don't mind. I haven't downloaded it yet so if you put it up again it would be greatly appreciated.

Thanks.

Offline THE BRA1N

  • Jr. Member
  • **
  • Posts: 133
  • Gender: Male
    • The Third Rail Forum
Re: Tor Blocker
« Reply #34 on: February 18, 2011, 07:24:05 PM »
I can't seem to generate a TorExitNodesToBlock list beyond this:

Quote
# This is a list of all Tor exit nodes that can contact 127.0.0.1 on Port 80 #
# You can update this list by visiting https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=127.0.0.1 #
# This file was generated on Fri Feb 18 23:35:22 2011 UTC #
173.255.238.238

Any ideas?

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #35 on: February 18, 2011, 08:10:29 PM »
Quote
Thank you, Spuds, for working on this. Don't worry about being a duplicate of sorts, I did the same as you, LOL, and just worked on something similar. :D
In the situation out there, it's needed... and I can confirm from quite a number of forums I checked that it's needed for Tor only, at the moment.
Cool ... I got concerned that it was going to cause confusion and right now at least on my site it was only TOR exit nodes so I put up the wall just for that. I'll put it back up if it helps folks out but will not 'develop' it into a full-blown mod.

Quote
I can't seem to generate a TorExitNodesToBlock list beyond this:

Quote
# This is a list of all Tor exit nodes that can contact 127.0.0.1 on Port 80 #
# You can update this list by visiting https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=127.0.0.1 #
# This file was generated on Fri Feb 18 23:35:22 2011 UTC #
173.255.238.238

Any ideas?
Your server IP address is 127.0.0.1 ... you and like a million other folks :) ... are you running this on a local test bed or other (like IIS?) ... the mod uses $_SERVER['SERVER_ADDR'] which *should* contain your server IP.

Offline N. N.

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 18,317
  • Blue Wolf
Re: Tor Blocker
« Reply #36 on: February 18, 2011, 08:19:17 PM »
Quote
Thank you, Spuds, for working on this. Don't worry about being a duplicate of sorts, I did the same as you, LOL, and just worked on something similar. :D
In the situation out there, it's needed... and I can confirm from quite a number of forums I checked that it's needed for Tor only, at the moment.
Cool ... I got concerned that it was going to cause confusion and right now at least on my site it was only TOR exit nodes so I put up the wall just for that. I'll put it back up if it helps folks out but will not 'develop' it into a full-blown mod.

IMHO it really helps at this moment. People can choose what is more appropriate for their forum. :)
Your choice, of course.
Thank you!

ETA: I will note again, if I may, that Tor network itself simply allows people to use a proxy, and there is nothing wrong with that, there are needs it responds to, and it has volunteers from all over the world. Unfortunately, at this particular moment, it's used by malicious users, and their identification and blocking should be, IMHO, a quick temporary option available for the admins of the affected forums.
« Last Edit: February 18, 2011, 08:41:50 PM by Norv »

Offline Astra_200

  • Jr. Member
  • **
  • Posts: 116
  • Gender: Male
Re: Tor Blocker
« Reply #37 on: February 18, 2011, 08:41:27 PM »
Quote
IMHO it really helps at this moment. People can choose what is more appropriate for their forum. :)
Thank you!

Agreed, thanks again Spuds :)

Offline Spuds

  • SMF Hero
  • ******
  • Posts: 2,046
  • Gender: Male
Re: Tor Blocker
« Reply #38 on: February 18, 2011, 09:09:20 PM »
It's back in post 1 ... only deltas that I recall were an attempt to watch for a couple of errors which might cause you to block yourself as happened above, so instead of that happening it would basically do nothing. Said another way if you already have this installed and it's working don't do anything  ;)

Quote
ETA: I will note again, if I may, that Tor network itself simply allows people to use a proxy, and there is nothing wrong with that, there are needs it responds to, and it has volunteers from all over the world. Unfortunately, at this particular moment, it's used by malicious users, and their identification and blocking should be, IMHO, a quick temporary option available for the admins of the affected forums.
Agree ... it's actually a great project and works very well ... I often use the Tor Browser myself to do testing. Unfortunately right now the hackers are using the very thing TOR stands for against it, interesting dilemma for sure.

Offline RustyBarnacle

  • Sr. Member
  • ****
  • Posts: 724
    • Saving Tallingroth
Re: Tor Blocker
« Reply #39 on: February 18, 2011, 09:43:34 PM »
Cool.  Thanks!
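
Added example, not part of the thread and not the mod's own TorBlock.php: the decision Spuds describes in replies #23, #35 and #38, written out in PHP (any 127/8 answer other than 127.0.0.1 counts as an exit, the bulk exit list is the backup, and an unusable SERVER_ADDR results in no blocking at all). All function names are hypothetical, the DNS lookup is passed in as a callable so the code runs offline, and the addresses are constructed sample data.

```php
<?php
// Added illustration with hypothetical names; not code from the Tor Blocker mod.

// TorDNSEL rule from the thread: any A record in 127/8 except 127.0.0.1 marks an exit.
function dnselAnswerIsExit(array $aRecords): bool
{
    foreach ($aRecords as $ip) {
        $n = ip2long($ip);
        if ($n !== false && ($n >> 24) === 127 && $n !== ip2long('127.0.0.1')) {
            return true;
        }
    }
    return false;
}

// Bulk exit list format as quoted in the thread: '#' comment lines, one IPv4 per line.
function parseBulkExitList(string $text): array
{
    $exits = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line !== '' && $line[0] !== '#' && filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            $exits[$line] = true;
        }
    }
    return $exits;
}

// A loopback or private SERVER_ADDR gives a meaningless "exits that can reach me" answer.
function serverAddrUsable(string $ip): bool
{
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// DNS answer first, bulk list as backup; bad input or an empty lookup never blocks.
function isTorExit(string $client, string $server, callable $resolveA, array $bulk): bool
{
    if (!serverAddrUsable($server) || !filter_var($client, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return false;
    }
    return dnselAnswerIsExit($resolveA($client, $server)) || isset($bulk[$client]);
}

// Constructed sample data (documentation-range addresses, not real exit nodes).
$bulk = parseBulkExitList("# constructed list\n198.51.100.7\nnot-an-ip\n");
$dns  = fn(string $c, string $s): array => $c === '203.0.113.9' ? ['127.0.0.2'] : [];
var_dump(isTorExit('203.0.113.9', '192.0.2.10', $dns, $bulk));  // DNS answer inside 127/8
var_dump(isTorExit('198.51.100.7', '192.0.2.10', $dns, $bulk)); // only the bulk list knows it
var_dump(isTorExit('203.0.113.9', '127.0.0.1', $dns, $bulk));   // loopback server address
```

In a live forum the callable would perform the TorDNSEL A-record lookup and return an empty array on any resolver error, which keeps a DNS outage from locking out guests.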