[tor-relays] Sent open privoxy port warning
Luther Blissett
lblissett at paranoici.org
Fri Sep 13 16:00:26 UTC 2013
Ow, forgot to say, don't bother with that hex. From what I could get
with the help of others, this is just a byte reversed/corrupted log
entry. Since the hard drive used to store logs is some years old, I
guess this is related to badblocks.
On Wed, 2013-09-11 at 12:35 -0700, Aaron Hopkins wrote:
> I sent the following warning to the listed e-mail address of 14 of the 19
> Tor nodes I found that accepted connections on port 8118, some of which
> bounced.
>
> If any of you run or know how to get in touch with the operators of the
> nodes DaJoker, FawkesSwissBlade, LUDICROUS2U, RaspberryPI, pangu,
> mouseHouse, tornonym, or 75.137.122.118, I'd appreciate if you could pass
> this along.
>
> Thanks!
>
> -- Aaron
>
> ---
>
> I noticed your Tor node _ with an IP of _ is one of 19 nodes that accepts
> connections publicly on TCP port 8118, which is the default port for
> Privoxy. I suspect this might be a configuration mistake.
>
> I'm investigating this because my tor node "tordienet" has received millions
> of HTTP proxy requests to port 8118 per day for months. The requests appear
> to come from a botnet running on roughly 1500 IPs, and seem to be
> advertising click-fraud related. From the discussion in July on the
> tor-relays at lists.torproject.org mailing list (archive at
> https://lists.torproject.org/pipermail/tor-relays/), this appears to be true
> of many nodes.
>
> Port 8118 is the default port for Privoxy, which comes bundled with Tor but
> is meant to provide an HTTP proxy for you and your local users to browse
> through and is not designed to be offered as a public service. If you don't
> use Privoxy, would you mind shutting it down? Or if you do, can you move it
> to a different port and/or only allow your own IPs to connect to it?
>
> I'd be happy to provide more information or help you with the configuration
> changes if I can.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list