On Sat, Jun 6, 2015 at 7:04 AM, Jarry <mr.jarry@×××××.com> wrote:
> Hi Gentoo-users,
>
> my web-server gets constantly abused by users which appear to be
> using tor-network (ip-lookup of source addresses always points
> to tor-exit.watever). How can I block this tor-traffic completely?
>
> I know I can get the list of tor exit-nodes on:
> check.torproject.org/exit-addresses
>
> How can I feed this list to iptables? Is there some ready-to-use
> solution, or do I have to parse this list through some script
> I have to write first?
>

However you do it, please don't use whatever approach half the
websites seem to be using, which ends up blocking relay nodes as well
as exit nodes. I run a relay-only node and it seems like random
websites block me all the time. So, I just route all my non-server
traffic through an anonymous vpn, which works fine, though likely
being the source of just as much abuse (by others).

There seem to be ip reputation services out there which don't
distinguish between tor exits and relay nodes.

Every once in a while I force a new dhcp lease on the IP used by tor,
and I'm sure some other random user on my ISP then wonders why half
the internet no longer works.

The website you listed does appear to list only exit nodes - my node
doesn't appear on the list.

--
Rich
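
The following is an added example, not part of either message in this thread: one way to turn the exit list into `ipset restore` input, taking only `ExitAddress` records so that relay-only nodes are never matched. The set name, the blocked ports and the sample records (documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn the Tor exit list into `ipset restore` input.
# Only "ExitAddress" records are used, so relay-only nodes are never blocked.

SET_NAME="tor-exits"   # assumed set name

# Read exit-addresses text on stdin, print unique valid IPv4 exit addresses.
tor_exit_ips() {
    awk '
        $1 == "ExitAddress" && split($2, o, ".") == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) print $2
        }' | sort -u
}

# Emit restore commands that fill a scratch set and swap it in atomically,
# so the live set is never empty or half-filled during an update.
tor_exit_restore() {
    tmp="${SET_NAME}-new"
    echo "create ${SET_NAME} hash:ip family inet -exist"
    echo "create ${tmp} hash:ip family inet -exist"
    echo "flush ${tmp}"
    tor_exit_ips | sed "s/^/add ${tmp} /"
    echo "swap ${tmp} ${SET_NAME}"
    echo "destroy ${tmp}"
}

# Constructed sample in the list's record format (documentation addresses);
# it includes a duplicate and a malformed address to show both are dropped.
sample_list() {
    cat <<'EOF'
ExitNode 0000000000000000000000000000000000000001
Published 2015-06-05 10:00:00
LastStatus 2015-06-05 11:00:00
ExitAddress 192.0.2.10 2015-06-05 11:05:00
ExitNode 0000000000000000000000000000000000000002
ExitAddress 198.51.100.7 2015-06-05 11:06:00
ExitAddress 192.0.2.10 2015-06-05 11:07:00
ExitAddress 999.1.1.1 2015-06-05 11:08:00
EOF
}

# Usage (as root, e.g. from cron):
#   curl -fsS https://check.torproject.org/exit-addresses | tor_exit_restore | ipset restore
#   iptables -I INPUT -p tcp -m multiport --dports 80,443 -m set --match-set tor-exits src -j DROP
```

The iptables rule only needs to be inserted once; later runs of the restore pipeline replace the set's contents without touching the rule.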