[tor-relays] Sent open privoxy port warning

Aaron Hopkins lists at die.net
Wed Sep 11 19:35:46 UTC 2013


I sent the following warning to the listed e-mail address of 14 of the 19
Tor nodes I found that accepted connections on port 8118, some of which
bounced.

If any of you run or know how to get in touch with the operators of the
nodes DaJoker, FawkesSwissBlade, LUDICROUS2U, RaspberryPI, pangu,
mouseHouse, tornonym, or 75.137.122.118, I'd appreciate if you could pass
this along.

Thanks!

                                     -- Aaron

---

I noticed your Tor node _ with an IP of _ is one of 19 nodes that accepts
connections publicly on TCP port 8118, which is the default port for
Privoxy.  I suspect this might be a configuration mistake.

I'm investigating this because my tor node "tordienet" has received millions
of HTTP proxy requests to port 8118 per day for months.  The requests appear
to come from a botnet running on roughly 1500 IPs, and seem to be
advertising click-fraud related.  From the discussion in July on the
tor-relays at lists.torproject.org mailing list (archive at
https://lists.torproject.org/pipermail/tor-relays/), this appears to be true
of many nodes.

Port 8118 is the default port for Privoxy, which comes bundled with Tor but
is meant to provide an HTTP proxy for you and your local users to browse
through and is not designed to be offered as a public service.  If you don't
use Privoxy, would you mind shutting it down?  Or if you do, can you move it
to a different port and/or only allow your own IPs to connect to it?

I'd be happy to provide more information or help you with the configuration
changes if I can.
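
Added example, not part of the original message and not Privoxy's own code: a small Python audit an operator could run over their Privoxy config text to see whether the proxy listens beyond loopback, which is the condition the warning above asks about. The function names and sample configurations are constructed for illustration; it assumes the standard `listen-address` and `permit-access` directives and only checks that an ACL line exists, not what it allows.

```python
import ipaddress

# Constructed sample configurations; addresses are documentation ranges.
EXPOSED = "# binds every interface, no ACL\nlisten-address  :8118\n"
RESTRICTED = "listen-address 192.0.2.10:8118\npermit-access 192.0.2.0/24\n"
LOCAL_ONLY = "listen-address 127.0.0.1:8118\nlisten-address [::1]:8118\n"


def is_loopback(host):
    """True only when the bind address is reachable from this machine alone."""
    if host == "":                      # ":8118" means all interfaces
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                  # some other hostname: review by hand
        return False


def audit(config_text):
    """Return (host, port, status) for each listener that is not loopback-only.

    status is "open" when the file has no permit-access line at all and
    "acl" when at least one exists (the ACL itself is not evaluated here).
    """
    listeners, has_acl = [], False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        if parts[0] == "listen-address":
            host, _, port = parts[1].rpartition(":")
            listeners.append((host.strip("[]"), port))
        elif parts[0] == "permit-access":
            has_acl = True
    if not listeners:                   # Privoxy's documented default
        listeners = [("127.0.0.1", "8118")]
    status = "acl" if has_acl else "open"
    return [(h, p, status) for h, p in listeners if not is_loopback(h)]


if __name__ == "__main__":
    for name, text in [("exposed", EXPOSED), ("restricted", RESTRICTED),
                       ("local-only", LOCAL_ONLY)]:
        print(name, audit(text) or "loopback only")
```

An "open" result corresponds to the publicly reachable port 8118 described in the message; "acl" still merits a manual look at which source addresses the `permit-access` lines admit.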

