[tor-relays] I'm Running A Tor Exit Node And NEVER Initiated It

Arjen arjenvanweelden at gmail.com
Sun May 29 16:09:37 UTC 2016 

On 05/29/2016 05:28 PM, Percy Blakeney wrote:
> Like I stated a few minutes ago, I am and have been running Tor from my
> location yet I have nothing to do with it.  I have been sitting on this
> for a while.  Before anyone comes down on me for it, you have to
> understand what I've been going through with my network.  Tor is only
> the tip of the iceberg.  This is as of today:
>
> usr/share/tor/tor-service-defaults-torrc
>
> DataDirectory /var/lib/tor
> PIDFile /var/run/tor/tor.pid
> RunasDaemon 1
> user debian-tor
> control socket /var/run/tor/control
> control socket group writable 1
> cookie authentication 1
> cookie auth file group readable 1
> cookie auth file /var/run/tor/control-authcookie
> log notice file /var/log/tor/log
>
> etc/tor/torrc
>
> contact info 0xFFFFFFFF Random Person <nobody AT example dot com>
> #Dirport 80 No Listen
> #Dirport 127.0.0.1:9091 <http://127.0.0.1:9091> No Advertise
> #Dirport front page /etc/tor/tor-exit-notice.html
> #Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more
> #accept *:119 # accept nntp as well as default exit policy
>

The hashes (#) in from of the lines are part of the default inline 
documentation in the torrc file, and should have no effect because they 
are comments.
It looks like you or someone with root access installed Tor on your 
computer. You did not send enough of the torrc file to see if it is 
configured as an exit. It could just be the default configuration after 
a "sudo apt-get install tor"...

If you just want to remove Tor from your machine (which runs Debian?), 
you could just do: sudo apt-get remove tor
However, that might remove any clues as to who installed Tor and why.

> var/lib/tor
>
> lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)
> cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not
> visible to me)
> cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not
> visible to me)
> cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is
> not visible to me)
> state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)
> cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content
> is not visible to me)
>

The contents of the files and logs might only be readable by root, so 
using sudo might help to read them.

> tor.pid-32156
>
> /var/lib/tor/state
>
> #Tor state file last generated on 2016-05-25 04:36:02 local time
> #Other times below are in UTC
> #You *do not* need to edit this file.
>
> EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache
> EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2  0.2.4.27
> 2016-04-28 16:16:20
>
> THERE'S WAY more to the above file but I'm not sure what I should and
> shouldn't share on here.  As a matter of fact, I'm not sure what half of
> this stuff means so I've spent the last few months trying to educate
> myself on as much of this as possible.  Like I said, I am MORE than
> willing to talk to anyone out there who may be able to help.
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list