Like I stated a few minutes ago, I am and have been running Tor from my location yet I have nothing to do with it. I have been sitting on this for a while. Before anyone comes down on me for it, you have to understand what I've been going through with my network. Tor is only the tip of the iceberg. This is as of today:
usr/share/tor/tor-service-defaults-torrc
DataDirectory /var/lib/tor
PIDFile /var/run/tor/tor.pid
RunasDaemon 1
user debian-tor
control socket /var/run/tor/control
control socket group writable 1
cookie authentication 1
cookie auth file group readable 1
cookie auth file /var/run/tor/control-authcookie
log notice file /var/log/tor/log

etc/tor/torrc
contact info 0xFFFFFFFF Random Person <nobody AT example dot com>
#Dirport 80 No Listen
#Dirport 127.0.0.1:9091 No Advertise
#Dirport front page /etc/tor/tor-exit-notice.html
#Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more
#accept *:119 # accept nntp as well as default exit policy

var/lib/tor
lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)
cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content is not visible to me)
tor.pid-32156

/var/lib/tor/state
#Tor state file last generated on 2016-05-25 04:36:02 local time
#Other times below are in UTC
#You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
THERE'S WAY more to the above file but I'm not sure what I should and shouldn't share on here. As a matter of fact, I'm not sure what half of this stuff means so I've spent the last few months trying to educate myself on as much of this as possible. Like I said, I am MORE than willing to talk to anyone out there who may be able to help.
I mean I didn't do any of this. I did not create ONE Tor related file on any of my computers. It would appear by my files and folders that I'm running this but I'm not. When I contact my ISP regarding my router configuration they seem to be seeing a different screen than what I'm seeing or they're lying. I'm new to all of this so my apologies if I'm slow. Until right now I was prevented from contacting anyone regarding this issue. What I mean by prevented is, either my email would refuse to send or my connection would be lost or even my router resetting itself. Because I was somehow being prevented from contacting anyone via my home connection I went to two separate libraries wherein I tried to contact the EFF. Each time I clicked to send my concerning email my designated computer would time out then shut down. I know this sounds crazy but this has been my life since September 2015, when I started to become more aware and as self-educated as possible. I want you to be aware there is an exit out there coming from my computers that I am not in control of.
On Sun, May 29, 2016 at 11:47 AM, I beatthebastards@inbox.com wrote:
Percy,
What do you mean when you say you have nothing to do with your exit node?
What do you want help to do?
Robert
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 29.05.2016 at 17:28, Percy Blakeney wrote:
Like I stated a few minutes ago, I am and have been running Tor from my location yet I have nothing to do with it. I have been sitting on this for a while. Before anyone comes down on me for it, you have to understand what I've been going through with my network. Tor is only the tip of the iceberg.
It's not an Exit. So nobody will likely come down on you about it.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
That long number is the fingerprint unique to every node. With this you can see more about it here: https://globe.torproject.org/#/relay/50586E25BE067FD1F739998550EDDCB1A14CA5B...
Apparently it's been running since August 4, 2015, 2 AM. So for nearly a year.
It's not clear to me what kind of help you want.
Do you want to stop running the Tor node? What Linux distro and version are you running?
Is this iceberg a server you own? Why don't you have root/admin access then? Who set it up? Maybe just power the machine down?
Greetings from Zurich
Ana
On 05/29/2016 05:28 PM, Percy Blakeney wrote:
Like I stated a few minutes ago, I am and have been running Tor from my location yet I have nothing to do with it. I have been sitting on this for a while. Before anyone comes down on me for it, you have to understand what I've been going through with my network. Tor is only the tip of the iceberg. This is as of today:
usr/share/tor/tor-service-defaults-torrc
DataDirectory /var/lib/tor
PIDFile /var/run/tor/tor.pid
RunasDaemon 1
user debian-tor
control socket /var/run/tor/control
control socket group writable 1
cookie authentication 1
cookie auth file group readable 1
cookie auth file /var/run/tor/control-authcookie
log notice file /var/log/tor/log
etc/tor/torrc
contact info 0xFFFFFFFF Random Person <nobody AT example dot com>
#Dirport 80 No Listen
#Dirport 127.0.0.1:9091 No Advertise
#Dirport front page /etc/tor/tor-exit-notice.html
#Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more
#accept *:119 # accept nntp as well as default exit policy
The hashes (#) in front of the lines are part of the default inline documentation in the torrc file, and should have no effect because they are comments. It looks like you or someone with root access installed Tor on your computer. You did not send enough of the torrc file to see if it is configured as an exit. It could just be the default configuration after a "sudo apt-get install tor"...
If you just want to remove Tor from your machine (which runs Debian?), you could just do:
sudo apt-get remove tor
However, that might remove any clues as to who installed Tor and why.
var/lib/tor
lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)
cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content is not visible to me)
The contents of the files and logs might only be readable by root, so using sudo might help to read them.
tor.pid-32156
/var/lib/tor/state
#Tor state file last generated on 2016-05-25 04:36:02 local time
#Other times below are in UTC
#You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
THERE'S WAY more to the above file but I'm not sure what I should and shouldn't share on here. As a matter of fact, I'm not sure what half of this stuff means so I've spent the last few months trying to educate myself on as much of this as possible. Like I said, I am MORE than willing to talk to anyone out there who may be able to help.
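A triage sketch for the two technical points raised in the replies above: commented torrc lines have no effect, and the state file's EntryGuard entries carry relay fingerprints. This is an added example, not code from the thread or from the Tor Project; the sample inputs are constructed (the state lines reuse the values quoted in the thread), the role labels are this example's own, and the exit check is a heuristic that only looks at explicit directives.

```python
import re

# Constructed torrc: every relay-related line is commented out, as in the
# default file shipped by the package. Only SocksPort is active.
SAMPLE_TORRC = """\
## Configuration file for a typical Tor user
#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
#DirPort 9030 # what port to advertise for directory connections
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ORPort 9001
SocksPort 9050   # trailing comments are stripped too
"""

# Constructed variant where the same directives are active (uncommented).
SAMPLE_RELAY_TORRC = (
    SAMPLE_TORRC + "ORPort 9001\nExitPolicy accept *:6660-6667,reject *:*\n"
)

# State-file lines as quoted in the thread.
SAMPLE_STATE = """\
# Tor state file last generated on 2016-05-25 04:36:02 local time
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
"""


def active_directives(torrc_text):
    """Return [(option_lowercased, value)] for lines that are not comments.

    Simplification (assumption): '#' always starts a comment and backslash
    line continuations are not handled. Option names are matched
    case-insensitively.
    """
    out = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        out.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return out


def classify_role(torrc_text):
    """Heuristic role labels derived from explicit, active directives only."""
    opts = {}
    for name, value in active_directives(torrc_text):
        opts.setdefault(name, []).append(value)

    roles = set()
    # A non-zero ORPort means the instance accepts relay connections.
    if any(v and v.split()[0] != "0" for v in opts.get("orport", [])):
        roles.add("relay")
        exit_disabled = opts.get("exitrelay", ["auto"])[-1] == "0"
        has_accept = any(
            re.search(r"\baccept6?\b", v, re.I) for v in opts.get("exitpolicy", [])
        )
        # Only an explicit accept rule is flagged; with no ExitPolicy line the
        # behaviour depends on the installed version's default.
        if has_accept and not exit_disabled:
            roles.add("exit")
    if "hiddenservicedir" in opts:
        roles.add("onion-service")
    return sorted(roles) or ["client-only"]


GUARD_RE = re.compile(r"^EntryGuard\s+(\S+)\s+([0-9A-F]{40})\b", re.M)
ADDED_RE = re.compile(
    r"^EntryGuardAddedBy\s+([0-9A-F]{40})\s+(\S+)\s+(\d{4}-\d{2}-\d{2})", re.M
)


def entry_guards(state_text):
    """List the guard relays recorded in a state file.

    An EntryGuard line names a guard relay chosen by the local Tor instance;
    EntryGuardAddedBy records the Tor version and date that added it.
    """
    added = {fp: (ver, day) for fp, ver, day in ADDED_RE.findall(state_text)}
    guards = []
    for nickname, fp in GUARD_RE.findall(state_text):
        version, day = added.get(fp, (None, None))
        guards.append(
            {"nickname": nickname, "fingerprint": fp,
             "added_by_version": version, "added_on": day}
        )
    return guards


if __name__ == "__main__":
    print("default torrc  ->", classify_role(SAMPLE_TORRC))
    print("relay torrc    ->", classify_role(SAMPLE_RELAY_TORRC))
    for guard in entry_guards(SAMPLE_STATE):
        print("guard in state ->", guard)
```

To use it on a real host, pass in the contents of /etc/tor/torrc and /var/lib/tor/state, read with sudo as suggested in the reply above.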
Whoever is and has been behind this is selective with what I can and can't see. I KNOW our electronics are and have been controlled since we moved here January 2014. I know this because at one time "they" were interacting with me via my desktop. I was asked if "they" could run a d-bus session on another computer I have connected. Not knowing what a d-bus session was "they" gave me a step by step run down on how to do it. I did what "they" asked because it was kind of exciting. Now in retrospect it's more scary than anything else. There are files on my Linux computers that show me what to display if I run a netstat command or nstat command so even when I try to figure things out I'll continue to get the same results every time. Terminal fortune cookies were installed without me installing them. One time upon opening up my terminal the little penguin's thought cloud said this: "I am number 2. You are number 6." Though I know a terminal only takes commands I impulsively typed back within it, "I am not a number. I'm a free man!" Immediately after I typed that in this popped up after my sentence, "I am not a number. I'm a free man-tor!" And it was then that I started going through my folders and files and found everything Tor related. Even some link that told me I was running through a Tor router.
Back in March I was taking screenshots and pictures with my android of the different folders and files. Days after I started to accumulate them I started to notice they were disappearing from both my phone and computer so I started to write down everything in a binder. These were the first files I found:
Tor
accept 192.168.0.0/16
control port 9051
hashed control password 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
hidden service port 80 127.0.0.1:80
hidden service port 22 127.0.0.1:22
(e.g. advertise 443 but bind to 9090)
outgoing traffic 10.0.0.5
nicknamed ididntedittheconfig
each period starts daily at midnight
each period starts on the 3rd of the month at 15:00
contact google Random Person <nobody AT example dot com>
directory connections 9030
(e.g. advertise 80 but bind to 9091)
entry guard 4B7B73D5A1F789ED2411A90E03C49C91652FDB95
entry guard AA1B026EE0C8A958E29C67C7D8885FF27572269D
entry (Alligator) 774969EEAA906F269C4E4E1D2E3D8711DA601491
exit fast guard HSDir running stable V2Dir Valid
Pascal 7 Raspberry PI Tor Relay torhbasd brasshornrelay11 cryptonanus
fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226
tor pid 1597
network manager pid 906
IPv6 privacy RFC4941
ssh agent 1377
When I ran several different network scans from my android I found my 2.4 GHz and 5 GHz wifi names along with HOME-E2DE 2.4 and 5. My wifi networks run off channel 6 while the 'HOME' one runs off channel 1.
On 05/29/2016 10:27 AM, Percy Blakeney wrote:
Whoever is and has been behind this is selective with what I can and can't see. I KNOW our electronics are and have been controlled since we moved here January 2014. I know this because at one time "they" were interacting with me via my desktop. I was asked if "they" could run a d-bus session on another computer I have connected. Not knowing what a d-bus session was "they" gave me a step by step run down on how to do it. I did what "they" asked because it was kind of exciting. Now in retrospect it's more scary than anything else. ...
Given what you've said, you might want to replace all of your electronics. The router, and all computers and other devices that have been connected to it, through wires or WiFi. Maybe also change ISP.
That may seem extreme. For computers, it might be sufficient to replace HDDs/SSDs. But smartphones, you should just replace entirely. The concern is that malware can be hidden in other components, not just in HDDs/SSDs.
Also, be very careful about transferring files from old machines. If you must, transfer individual files, not entire folders. Ideally, you would scan each file for malware in an intermediate throwaway machine, running a different OS. Maybe OSX, if your other machines are Windows and Linux. Or Windows, if your other machines are OSX and Linux. You can use USB flash drives. But use a given one only for a given pair of machines, to reduce the risk of transferring malware.
<SNIP>
I did just that. TWICE. I now have a total of 5 phones, 3 laptops, 2 desktops, 2 printers, and I'm now on my third router/modem. Whoever, whatever this is knows how to get into the firmware. I know this sounds crazy but it's true. I'd give anything for someone to come here and see for themselves.
On 05/29/2016 04:23 PM, Percy Blakeney wrote:
I did just that. TWICE. I now have a total of 5 phones, 3 laptops, 2 desktops, 2 printers, and I'm now on my third router/modem. Whoever, whatever this is knows how to get into the firmware. I know this sounds crazy but it's true. I'd give anything for someone to come here and see for themselves.
Well, this is rather off-topic for this list. But whatever you're dealing with, it must be getting in somehow. Three possibilities come to mind: 1) infected files; 2) network exploits; and 3) physical access. Rich document formats may carry malware. Perhaps your ISP has been compromised. I've read that drug gangs have infiltrated some Mexican ISPs, for example. Maybe someone is black-bagging you.
First review your physical security. Create a safe work area, with a good digital lock, and hidden security cameras.
Maybe start with an offline machine. Pick a random large city, drive there, and buy a laptop with cash. Don't reveal your identity. If you must go online, buy a separate WiFi dongle, and disable onboard WiFi. Then only use public WiFi, but never anywhere near where you live.
But again, this is off-topic here. If you want to talk more, email me off-list.
OMG - I had the same thing happen to me back a few years. What I did was completely destroy ALL computer equipment with a hammer. The weird part about it was it keeps coming back now even 10 years later.
On 05/29/2016 05:28 PM, Greg Moss wrote:
OMG - I had the same thing happen to me back a few years. What I did was completely destroy ALL computer equipment with a hammer. The weird part about it was it keeps coming back now even 10 years later.
:)
Less work to just burn it all ;)
<SNIP>
I suggest a clean install of your computers and your smartphones. For your smartphone: don't use the factory reset, make sure that its firmware gets flashed.
Most viruses or malware don't wait within your computer's BIOS for a new opportunity. Don't allow "autostart" for USB sticks or other data storage. Use CDs or DVDs provided by someone you trust to check on your computers and then do a clean install.
If you need any advice mail me off list. Maybe I can help with this.
~Andrea
I had a very annoying control freak systems administrator some years back working on systems I owned, but he sought absolute control so he changed passwords everywhere. He could not understand how message-of-the-day or banner would continue to change. To my amusement he never mentioned to me the "security breaches".
He never saw that I had a Zebedee reverse tunnel connecting to the Unix server's telnet running out on port 443 out my own external server. Then noticed that in /etc/passwd there was another login with 0:0 root permissions. None of his changes to passwords, including root, or fiddling with the router could lock me out and of my control.
About the only way I can see that your scenario of entry into a system is that an old machine is running a reverse tunnel. I doubt passwords were ever cracked.
If I had all those breaches described and a mysterious Tor on my network I think I'd need to check I was taking my tablets
Gerry
Dr Gerry Bulger
-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Andrea
Sent: 30 May 2016 07:58
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It
I suggest a clean install of your computers and your smartphones. For your smartphone: don't use the factory reset, make sure that its firmware gets flashed.
Most viruses or malware don't wait within your computer's BIOS for a new opportunity. Don't allow "autostart" for USB sticks or other data storage. Use CDs or DVDs provided by someone you trust to check on your computers and then do a clean install.
If you need any advice mail me off list. Maybe I can help with this.
~Andrea
On 5/30/2016 12:23 AM, Percy Blakeney wrote:
I did just that. TWICE. I now have a total of 5 phones, 3 laptops, 2 desktops 2 printers, and I'm now on my third router/modem. Whomever, whatever this is knows how to get into the firmware. I know this sounds crazy but it's true. I'd give anything for someone to come here and see for themselves.
On Sun, May 29, 2016 at 3:53 PM, Mirimir <mirimir@riseup.net> wrote:

On 05/29/2016 10:27 AM, Percy Blakeney wrote:
> Whomever is and has been behind this is selective with what I can and can't see. I KNOW our electronics are and have been controlled since we moved here January 2014. I know this because at one time "they" were interacting with me on via my desktop. I was asked if "they" could run a d-bus session on another computer I have connected. Not knowing what a d-bus session was "they" gave me a step by step run down on how to do it. I did what "they" asked because it was kind of exciting. Now in retrospect it's more scary than anything else.

...

Given what you've said, you might want to replace all of your electronics. The router, and all computers and other devices that have been connected to it, through wires or WiFi. Maybe also change ISP.

That may seem extreme. For computers, it might be sufficient to replace HDDs/SSDs. But smartphones, you should just replace entirely. The concern is that malware can be hidden in other components, not just in HDDs/SSDs.

Also, be very careful about transferring files from old machines. If you must, transfer individual files, not entire folders. Ideally, you would scan each file for malware in an intermediate throwaway machine, running a different OS. Maybe OSX, if your other machines are Windows and Linux. Or Windows, if your other machines are OSX and Linux.

You can use USB flash drives. But use a given one only for a given pair of machines, to reduce the risk of transferring malware.

<SNIP>

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am assuming that you want to know how to stop tor entirely? Just to find out more about your tor-installation, could you give us the following information?
State the output of:

    tor --list-fingerprint

and: (SSH-access to the computer possible?)

    ps -e | grep ssh

and: (lists the users of your computer)

    cut -d: -f1 /etc/passwd

and: (who is in the group of sudoers?)

    grep -Po '^sudo.+:\K.*$' /etc/group
All commands can be run without sudo.
What do you mean with "Tor is only the tip of the iceberg."
If you don't want this, maybe a clean install would handle your problems?
~Andrea
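The account checks requested above can be taken one step further by flagging what matters in the output. This is an added example, not part of the original messages: the function names, the sample files and the "maint" account are constructed for illustration, and it covers the case mentioned earlier in the thread of a second /etc/passwd login with 0:0 root permissions.

```shell
#!/bin/sh
# Added example: offline audit of passwd- and group-format files.

# Accounts with UID 0 (field 3) other than root: each has full root rights.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shell (field 7) is not nologin/false, i.e. able to log in.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Members of one group (default: sudo), one per line.
group_members() {
    awk -F: -v g="${2:-sudo}" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Constructed sample data; UIDs, GIDs and the "maint" account are invented.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
debian-tor:x:108:114::/var/lib/tor:/bin/false
alice:x:1000:1000:,,,:/home/alice:/bin/bash
maint:x:0:0::/home/maint:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:alice,maint
debian-tor:x:114:
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
echo "extra UID 0 accounts: $(extra_root_accounts "$demo/passwd")"
echo "login-capable:        $(login_accounts "$demo/passwd" | tr '\n' ' ')"
echo "sudo members:         $(group_members "$demo/group" | tr '\n' ' ')"
rm -rf "$demo"
```

On a live host, point the functions at /etc/passwd and /etc/group; accounts served from LDAP or another NSS source only appear in the output of getent passwd.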
On 5/29/2016 5:28 PM, Percy Blakeney wrote:
Like I stated a few minutes ago, I am and have been running Tor from my location yet I have nothing to do with it. I have been sitting on this for a while. Before anyone comes down on me for it, you have to understand what I've been going through with my network. Tor is only the tip of the iceberg. This is as of today:
usr/share/tor/tor-service-defaults-torrc
DataDirectory /var/lib/tor
PIDFile /var/run/tor/tor.pid
RunasDaemon 1
user debian-tor
control socket /var/run/tor/control
control socket group writable 1
cookie authentication 1
cookie auth file group readable 1
cookie auth file /var/run/tor/control-authcookie
log notice file /var/log/tor/log
etc/tor/torrc
contact info 0xFFFFFFFF Random Person <nobody AT example dot com>
#Dirport 80 No Listen
#Dirport 127.0.0.1:9091 No Advertise
#Dirport front page /etc/tor/tor-exit-notice.html
#Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more
#accept *:119 # accept nntp as well as default exit policy
var/lib/tor
lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me)
state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)
cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content is not visible to me)
tor.pid-32156
/var/lib/tor/state
#Tor state file last generated on 2016-05-25 04:36:02 local time
#Other times below are in UTC
#You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
THERE'S WAY more to the above file but I'm not sure what I should and shouldn't share on here. As a matter of fact, I'm not sure what half of this stuff means so I've spent the last few months trying to educate myself on as much of this as possible. Like I said, I am MORE than willing to talk to anyone out there who may be able to help.
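One way to check which relay-related options a torrc actually enables, as an added example that is not part of the original messages. It relies on the fact that tor only accepts relay connections when ORPort is set; the function names and both sample files are constructed, the first modeled on the commented-out lines quoted above but written with tor's own option spellings.

```shell
#!/bin/sh
# Added example: report which relay-related options a torrc really enables.

# Print active (uncommented) relay-related options, option name lowercased.
relay_options() {
    awk '
        { sub(/#.*/, "") }       # strip comments, whole-line or trailing
        NF < 2 { next }          # blank line, or an option without a value
        { key = tolower($1) }    # option names are case-insensitive
        key ~ /^(orport|dirport|exitpolicy|exitrelay|bridgerelay|nickname|contactinfo)$/ {
            $1 = key; print
        }' "$@"
}

# Succeed only if one of the files sets ORPort to something other than 0.
is_relay() {
    relay_options "$@" |
        awk '$1 == "orport" && $2 != "0" { found = 1 } END { exit !found }'
}

# Constructed samples: a torrc with only ContactInfo active, and a relay.
write_torrc_samples() {
    cat > "$1/stock.torrc" <<'EOF'
ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
#DirPortFrontPage /etc/tor/tor-exit-notice.html
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
EOF
    cat > "$1/relay.torrc" <<'EOF'
Nickname examplerelay
ORPort 9001
ExitPolicy reject *:*   # constructed: relay traffic only, no exit
EOF
}

demo=$(mktemp -d)
write_torrc_samples "$demo"
for f in "$demo"/stock.torrc "$demo"/relay.torrc; do
    if is_relay "$f"; then echo "${f##*/}: ORPort set, acts as a relay"
    else echo "${f##*/}: no ORPort, client only"; fi
done
rm -rf "$demo"
```

Pass every file tor reads, for example the defaults file together with /etc/tor/torrc, since an option set in either one applies; options given on the tor command line are outside what this check sees.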
Does this happen to be "your" node? https://globe.torproject.org/#/relay/4544D4026D447CDA4F8E7F22ED73E8565CCA569...