I sent the following warning to the listed e-mail address of 14 of the 19 Tor nodes I found that accepted connections on port 8118, some of which bounced.
If any of you run or know how to get in touch with the operators of the nodes DaJoker, FawkesSwissBlade, LUDICROUS2U, RaspberryPI, pangu, mouseHouse, tornonym, or 75.137.122.118, I'd appreciate it if you could pass this along.
Thanks!
-- Aaron
---
I noticed your Tor node _ with an IP of _ is one of 19 nodes that accepts connections publicly on TCP port 8118, which is the default port for Privoxy. I suspect this might be a configuration mistake.
I'm investigating this because my Tor node "tordienet" has received millions of HTTP proxy requests to port 8118 per day for months. The requests appear to come from a botnet running on roughly 1500 IPs, and seem to be related to advertising click fraud. From the discussion in July on the tor-relays@lists.torproject.org mailing list (archive at https://lists.torproject.org/pipermail/tor-relays/), this appears to be true of many nodes.
Port 8118 is the default port for Privoxy, which comes bundled with Tor but is meant to provide an HTTP proxy for you and your local users to browse through and is not designed to be offered as a public service. If you don't use Privoxy, would you mind shutting it down? Or if you do, can you move it to a different port and/or only allow your own IPs to connect to it?
I'd be happy to provide more information or help you with the configuration changes if I can.
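
The check an operator could run against their own Privoxy config before and after the change requested above, as an added example that is not part of the original e-mail: it flags any `listen-address` that is not loopback-only when no `permit-access` line restricts clients. The sample configs, the function names and the simplified comment handling are assumptions made for illustration, and the script does not evaluate how broad a `permit-access` range is.

```python
import ipaddress

# Constructed sample configs (not taken from any real node).
EXPOSED = "listen-address  :8118\n"                 # no host: binds every interface
HARDENED = "listen-address  127.0.0.1:8118\n"       # loopback only
ACL_ONLY = "listen-address  192.0.2.10:3128\npermit-access  192.0.2.0/24\n"

def is_loopback(host):
    """True only when the bind host is a loopback address or 'localhost'."""
    if host == "":
        return False                      # empty host means all interfaces
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit_privoxy(config_text):
    """Return (listen-address, problem) pairs for listeners open to any client."""
    listens, has_acl = [], False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # simplified comment handling
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "listen-address":
            listens.append(parts[1])
        elif key == "permit-access":
            has_acl = True                     # any ACL line restricts clients
    if not listens:
        listens = ["127.0.0.1:8118"]           # Privoxy's built-in default
    findings = []
    for addr in listens:
        host, _, port = addr.rpartition(":")
        if is_loopback(host.strip("[]")) or has_acl:
            continue
        note = "non-loopback listener with no permit-access"
        if port == "8118":
            note += ", on the default port"
        findings.append((addr, note))
    return findings

if __name__ == "__main__":
    for name, cfg in [("exposed", EXPOSED), ("hardened", HARDENED), ("acl", ACL_ONLY)]:
        print(name, audit_privoxy(cfg) or "ok")
```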