Simple Machines Community Forum

Cannot get this to work -



if (IsTorExitPoint())
echo 'is Tor';
else
echo 'not Tor';


function IsTorExitPoint()
{
return (
gethostbyname(ReverseIPOctets($_SERVER['REMOTE_ADDR']) . "." .
$_SERVER['SERVER_PORT'] . "." .
ReverseIPOctets($_SERVER['SERVER_ADDR']) .
".ip-port.exitlist.torproject.org") == "127.0.0.2"
);
}
function ReverseIPOctets($inputip)
{
$ipoc = explode(".", $inputip);
return $ipoc[3].".".$ipoc[2].".".$ipoc[1].".".$ipoc[0];
}



Function always returns null.



This also doesn't work -




print isTorRequest() ? "Yep" : "Nope";

function isTorRequest() {
  $reverse_client_ip = implode('.', array_reverse(explode('.', $_SERVER['REMOTE_ADDR'])));
  $reverse_server_ip = implode('.', array_reverse(explode('.', $_SERVER['SERVER_ADDR'])));
  $hostname = $reverse_client_ip . "." . $_SERVER['SERVER_PORT'] . "." . $reverse_server_ip .   ".ip-port.exitlist.torproject.org";
  return gethostbyname($hostname) == "127.0.0.2";
}



Dunno if this'll help, at all... Do you want to check for Tor, users, specifically? Or, are you wanting something kinda "Anti-robot"?

I dunno what mod she uses, but my hostess's site goes mental, if I try to access it, using Tor.

http://www.totaltwaddle.co.uk/index.php

If that's the kind of thing you're after, I could ask her what she uses.

Arantor made a "block tor" mod a while back...   check how he did the ID?

Trying to detect Tor only, so that only Tor users can register on forum.  The first script is from Proxy Blocker mod, which Arantor assisted, and found it on other sources.  Second script appears to be a one-off.  Neither seems to work.

What about sticking this in the iptables?

#! /bin/sh
#this needs to be chmod'd 755
#update-rc.d firewall defaults 20 (not the correct way to do this)
#script works with ubuntu/debian based systems


iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -P INPUT DROP
iptables -P OUTPUT DROP

#allow tor and polipo access to loopback
iptables -I INPUT -j ACCEPT -i lo -p tcp --dport 8118:9050 --sport 1:65000
iptables -A OUTPUT -j ACCEPT -o lo -p tcp --dport 1:65000 --sport 8118:9050

#does this allow the user and polipo to send data out to ethernet too?
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner test2 -o lo
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner root -o lo
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner proxy -o lo


#udp appears not to be needed
#iptables -A OUTPUT -p udp -j ACCEPT -o lo -m owner --uid-owner debian-tor


#loop through all ethernet devices and allow tor out; one should be the right one unless you are using wifi; although i think this works with wifi too
NETDEVICES=`ifconfig -a | grep Ethernet | cut -d' ' -f 1 | xargs`

for DEVICE in $NETDEVICES
do
        iptables -A OUTPUT -p tcp -j ACCEPT -o $DEVICE -m owner --uid-owner debian-tor
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


I found that on a Linux forum. As it says, though, it only works with ubuntu/debian based systems.

Looks like that would block non-Tor users from reaching forum altogether.  All users would have guest access, or restricted access to boards, and be advised they need Tor to register. 

If $hostaddr contains 'tor-exit', can identify them with stripos($hostaddr, "tor-exit"), but that only happens around half the time.  The IsTorExitPoint() function is supposed to identify exit nodes that don't contain 'tor-exit', but doesn't seem to do anything.

Poo. Is the server Debian/Ubuntu, though?

No, and neither is mine, so can't try it, and don't understand that code to see what it's doing.

I suspect the IsTorExitPoint() function was written by Arantor, as he is credited with helping the mod author.  If Arantor wrote it, it should work, so maybe I'm doing something wrong (no surpise there). 

Way out my league, I'm afraid. :(

Installed Proxy Blocker mod - it doesn't work.

<sigh>

Ain't coding phun? ;)

     

:)

Nice kitties!