[tor-talk] (D)DOS over Tor network ? Help !

fuckyouhosting at ruggedinbox.com fuckyouhosting at ruggedinbox.com
Mon Dec 1 22:44:58 UTC 2014 

On 2014-12-01 07:55, Mirimir wrote:
> On 12/01/2014 12:13 AM, fuckyouhosting at ruggedinbox.com wrote:
>> On 2014-12-01 02:24, Christian Gagneraud wrote:
>>> On 01/12/14 14:46, fuckyouhosting at ruggedinbox.com wrote:
>>>> Hi List! We (try to) maintain a free hosting platform for hidden 
>>>> service
>>>> websites, here: http://fuckyouhotwkd3xh.onion
>>>> but recently all the hosted hidden services became unreachable.
>>> [...]
>>>> So .. question: is there a way to understand which hidden service is
>>>> causing all this ?
>>>> 
>>>> Suggestions are welcome!
>>> 
>>> This might help:
>>> https://lists.torproject.org/pipermail/tor-talk/2014-November/035787.html
>>> 
>>> Chris
>>> 
>>>> 
>>>> Thank you.
>> 
>> Hi again, ok we followed the advise and captured a number of sessions,
>> while starting Tor and while reloading it, several times to be sure.
>> 
>> We splitted and sorted the results with this command:
>> grep "PURPOSE=HS" dbg3.txt|awk '{ print $9 }'| sort |less
>> (which print just the hidden service name, for example
>> REND_QUERY=fuckyouhotwkd3xh)
>> but are unable to find an address repeated more than around 30 times,
>> example:
>> 
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> REND_QUERY=fuckyouhotwkd3xh
>> 
>> in short, the addresses are balanced among all the files, still unable
>> to find the 'black sheep'.
> 
> In your torrc, create a new test hidden service, and comment out all of
> the rest. The new hidden service should be accessible. If it's not, you
> have other problems. If the new hidden service is accessible, add back
> the old ones, one at a time, and check accessibility of the test hidden
> service after each addition. That should reveal the black sheep.

Hi, thanks for the suggestion but we were looking for a more 
'programmatic' way: a straight indication about the offending HS, which 
eventually can be used by fail2ban or a custom script
to automatically switch off the black sheeps.

Moreover, consider that we are talking about hundreds of hidden services 
..

More information about the tor-talk mailing list