[tor-talk] (D)DOS over Tor network ? Help !

Cyrus cyrus_the_great at riseup.net
Sun Dec 7 12:38:27 UTC 2014


fuckyouhosting at ruggedinbox.com wrote:
> Hi List! We (try to) maintain a free hosting platform for hidden service
> websites, here: http://fuckyouhotwkd3xh.onion
> but recently all the hosted hidden services became unreachable.
> 
> Tor logs are correctly reporting the problem:
> 
> Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more
> circuits than usual. Most likely this means the Tor network is
> overloaded. Success counts are 147/210. Use counts are 86/86. 147
> circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out.
> For reference, your timeout cutoff is 60 seconds.
> 
> Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits
> than usual. Most likely this means the Tor network is overloaded.
> Success counts are 122/178. Use counts are 91/92. 137 circuits
> completed, 15 were unusable, 0 collapsed, and 17 timed out. For
> reference, your timeout cutoff is 113 seconds.
> 
> ...
> 
> Trying to change the Guard, by deleting the /var/lib/tor/state file,
> results in the same problem and logs, just with a different Guard.
Don't ever change your guards because someone wants you to.
> 
> Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
> by deleting all the other hidden services in the torrc file,
> 'solves' the problem .. logs look ok and the service is reachable.
> 
> It looks like we are hosting an 'offending' hidden service
> which is the target of a (D)DOS attack.
> 
> We tried to enable Tor debugging and to sniff some traffic
> but were unable to find the offending hidden service.
Run Tor as separate processes for each customer. A simple shell script
can write a torrc for each hidden service directory and start it.
> 
> All the access.log and error.log of the hosted websites are ok,
> they don't grow in size and don't log any flood.
> 
> Even the bandwidth usage of the server looks ok, basically there is no
> traffic.
> 
> 
> So .. question: is there a way to understand which hidden service is
> causing all this ?
> 
> Suggestions are welcome!
> 
> Thank you.

-- 
CYRUSERV Onionland Hosting: http://cyruservvvklto2l.onion/
PGP public key: http://cyruservvvklto2l.onion/contact
This email is just for mailing lists and private correspondence.
Please use cyrus_the_great at lelantos.org for business inquiries.
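
The one-Tor-process-per-customer setup suggested in the reply, sketched as an added example (not part of the original message and not either hosting project's code). The base directory, service names and backend ports are assumptions; the log string matched is the notice quoted in the thread, so the per-service logs show which process is the one failing circuits.

```shell
#!/bin/sh
# Added example: one Tor process per hosted hidden service, each with its
# own DataDirectory, pid file and notice log.
# Assumed layout (not from the thread): $BASE/<name>/ per customer.
BASE="${BASE:-/var/lib/tor-hosting}"

# write_torrc NAME BACKEND_PORT: writes $BASE/NAME/torrc and prints its path
write_torrc() {
    name="$1"; port="$2"
    case "$name" in
        ""|*[!a-z0-9_-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    case "$port" in
        ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    dir="$BASE/$name"
    mkdir -p "$dir/data" "$dir/hs" || return 1
    chmod 700 "$dir" "$dir/data" "$dir/hs"
    cat > "$dir/torrc" <<EOF
# generated for $name
DataDirectory $dir/data
HiddenServiceDir $dir/hs
HiddenServicePort 80 127.0.0.1:$port
SocksPort 0
Log notice file $dir/notice.log
PidFile $dir/tor.pid
RunAsDaemon 1
EOF
    echo "$dir/torrc"
}

# noisy_services: names of services whose own Tor log carries the
# "failing more circuits" notice quoted in the thread
noisy_services() {
    for log in "$BASE"/*/notice.log; do
        [ -f "$log" ] || continue
        if grep -q "is failing more circuits than usual" "$log"; then
            basename "$(dirname "$log")"
        fi
    done
}

# Usage: sh script.sh start "alice 8081" "bob 8082"   (constructed names/ports)
if [ "${1:-}" = "start" ]; then
    shift
    for entry in "$@"; do
        rc=$(write_torrc "${entry%% *}" "${entry##* }") || exit 1
        tor --verify-config -f "$rc" >/dev/null && tor -f "$rc"
    done
fi
```

Each process keeps its own state file under its DataDirectory, so it selects its own guards independently of the others.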

