| 1 |
You have to configure it to block all tor proxies. I don't own any servers |
| 2 |
but that seems like the most logical thing to do. |
| 3 |
|
| 4 |
On Sat, Jun 6, 2015, 09:12 Stroller <stroller@××××××××××××××××××.uk> wrote: |
| 5 |
|
| 6 |
> |
| 7 |
> On Sat, 6 June 2015, at 12:04 pm, Jarry <mr.jarry@×××××.com> wrote: |
| 8 |
> > |
| 9 |
> > … (ip-lookup of source addresses always points |
| 10 |
> > to tor-exit.watever). How can I block this tor-traffic completely? |
| 11 |
> > |
| 12 |
> > How can I feed this list to iptables? Is there some ready-to-use |
| 13 |
> > solution, or do I have to parse this list through some script |
| 14 |
> > I have to write first? |
| 15 |
> |
| 16 |
> I would have thought you could just have the webserver deny access to the |
| 17 |
> tor-exit.watever domain. |
| 18 |
> |
| 19 |
> For Apache, ctrl-f "domain" on this page: |
| 20 |
> http://httpd.apache.org/docs/2.2/howto/access.html |
| 21 |
> |
| 22 |
> NB: if you google "how to block tor", DNS based denial seems to be the |
| 23 |
> recommended solution: |
| 24 |
> |
| 25 |
> https://www.torproject.org/docs/faq-abuse.html.en#Bans |
| 26 |
> https://www.torproject.org/projects/tordnsel.html.en |
| 27 |
> |
| 28 |
> If you wanted to run a daily "add to iptables script" then you could |
| 29 |
> extract those IPs with: |
| 30 |
> |
| 31 |
> curl https://check.torproject.org/exit-addresses | grep ExitAddress | |
| 32 |
> cut -d ' ' -f 2 |
| 33 |
> |
| 34 |
> This is a bit primitive, but you can see it works. |
| 35 |
> |
| 36 |
> Stroller. |
| 37 |
> |
| 38 |
> |
| 39 |
> |
Archives