
Let’s talk about Tor

Teleread recently covered how the New Hampshire Public Library turned its Tor Relay back on, despite warnings from local law enforcement that although the router itself isn’t illegal, it will likely be used for illegal purposes. The article points out that Tor is an important service because, keeping aside the negatives that come from total anonymity, it provides political dissidents a way to bypass censorship. This is important for the growth of democracy in all countries around the world.

There is, of course, the other side – that Tor is used by a wide variety of undesirables who use it for nefarious purposes using the blanket cover of anonymity as a defense against possible government intervention. In that sense, Tor is kind of like torrents. You can download every open-source Linux distro ever created using torrents, but most people are probably just downloading pirated content off it.

But let’s talk about something else. Of late, my WordPress blogs are being pounded by login attempts and comment spam. I’m fighting it off using a plethora of tools – Cloudflare, ‘Limit Login Attempts’ and ‘Bad Behavior’ plugins and the ever trusty fail2ban system. Today, I compiled a list of every erring IP and shoved it into fail2ban, banning about twelve hundred IPs from ever accessing my servers. Then, using iptables’ reverse DNS, I looked at the results (listed at the bottom).

I found that while most of the IPs I blocked are from computers all over the world (Europe, China, India, US), 20 of them are listed Tor relays. I also noticed that I am getting a lot of repeat traffic from the Tor relays, which either means multiple hackers or multiple scripts. By blocking those relays, I have reduced the number of hacking attempts I’m getting, but I’ve also blocked something far more important – legitimate viewers.
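As an added example (not code from the original post), the comparison described above, a ban list checked against known Tor relay addresses, can be done with Python's `ipaddress` module so that expanded IPv6 forms, trailing commas and stray tokens such as `-h` do not cause missed matches. The addresses are constructed from documentation ranges, the relay list is assumed to be plain text with one address per line, and `parse_addresses` and `split_by_tor` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real hosts).
BANNED = """
-h 203.0.113.7 198.51.100.23
2001:db8:0:0:0:0:0:2, 2001:db8:aa:1:0:0:0:35,,
192.0.2.44
"""
RELAYS = """
# constructed relay list, one address per line
203.0.113.7
2001:db8::2
192.0.2.200
"""

def parse_addresses(text):
    """Return (set of ip_address objects, list of tokens that are not addresses)."""
    addrs, rejected = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        for token in line.split():
            token = token.strip(",;")         # tolerate "addr," and "addr,,"
            if not token:
                continue
            try:
                # Normalises 2001:db8:0:0:0:0:0:2 and 2001:db8::2 to one value.
                addrs.add(ipaddress.ip_address(token))
            except ValueError:
                rejected.append(token)
    return addrs, rejected

def _ordered(addrs):
    # IPv4 and IPv6 objects cannot be compared directly, so sort on a tuple.
    return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]

def split_by_tor(banned_text, relay_text):
    """Partition banned addresses into (tor_relays, everything_else, rejected_tokens)."""
    banned, rejected = parse_addresses(banned_text)
    relays, _ = parse_addresses(relay_text)
    return _ordered(banned & relays), _ordered(banned - relays), rejected

if __name__ == "__main__":
    tor, other, rejected = split_by_tor(BANNED, RELAYS)
    print("Tor relays in ban list:", tor)
    print("Other banned addresses:", other)
    print("Tokens skipped:", rejected)
```

Keeping the Tor matches in their own bucket lets an admin apply a different policy to them (for example a challenge or rate limit) instead of the same permanent ban as the rest.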

I don’t write something of great import. I am not a leading political pundit or an important news organization. But imagine those who are. In battling constant hacking attempts, companies often do blanket bans such as the one I just did. If, while doing so, they ban Tor relays, they are blocking people hidden behind those services from ever accessing their sites. This is bad.

In a way, this is kind of like the IPv6 problem. I don’t have an IPv6 address and I don’t want to pay for it. IPv6 still barely has any real adoption and I don’t care for those few who would visit my site using its IPv6 address. But Cloudflare provides a nice little service which takes all IPv6 requests and converts them and sends them my way, all for free. So that way, anyone using IPv6 can access my site.

This is not true for Tor. There is no trusted Tor service which takes good, legit Tor traffic and sends it to me. All I’ve been getting is spam and hacking attempts. So why would I waste my time on Tor? Why would I allow Tor relays to access my sites? I won’t, of course.

This hurts Tor immensely. To paraphrase something Cory Doctorow said in Little Brother, if no one is using Tor for legit purposes, then the only people using Tor are dissidents. Repressive governments can then send people to jail simply for using Tor, no matter what they’re using it for. This is the problem with Tor right now. It may seem like a great idea for a public library to host a Tor relay, but if it is not going to be put to legit use, if the only thing coming out of it is hacking attempts and if the IPs of their relay are going to get honeypotted by every such project in the world, then what is the point of this exercise?

This is what Tor needs to do – have a feedback loop. I should be able to tell the Tor relay that they’re being misused and they should be able to block all outgoing traffic from their network which relates to the misuse. The onus of that lies on the relay, since it is far easier for me to block an IP address than to block individual requests from that server. I do not know if there is any legitimate traffic coming from those Tor relays. All I know is that I’ve got lines and lines of log entries telling me someone is trying to log into my WordPress blog using the password ‘nitin888’ (like seriously, how dumb do you think I am??).

In conclusion, if Tor wants to be legitimate software used by people to mask their identities, it needs to allow us, the server admins, a way to make sure we can get the illegal users off our backs. Otherwise we’ll keep blocking Tor and the end result will be no better than it is right now.

IP list: