[tor-talk] (D)DOS over Tor network ? Help !

Cyrus cyrus_the_great at riseup.net
Sun Dec 7 12:42:09 UTC 2014 

It was much easier to start running every hidden service as a separate
process. I did it with this lazy bash script, after moving all the
hidden services into a folder called called /var/lib/tor/auto and
creatinv configs in /etc/tor/users from a template called
/etc/tor/torrc-unique - that template has values called %PORT% and %USER%

I will improve the shell script so it is also an interface to add new
hidden services, and stop old ones by name only.

#!/bin/bash

p="10000"

cd /var/lib/tor/auto
find * -type d | while read d; do
        cp /etc/tor/torrc-unique /etc/tor/users/torrc-$d
        sed -i "s/%USER%/$d/g" /etc/tor/users/torrc-$d
        sed -i "s/%PORT%/$p/g" /etc/tor/users/torrc-$d
        p=`expr $p + 1`
        echo "HiddenServiceDir /var/lib/tor/auto/$d" >>
/etc/tor/users/torrc-$d
        echo "HiddenServicePort 80 192.168.0.3:80" >>
/etc/tor/users/torrc-$d
        echo "HiddenServicePort 22 192.168.0.3:22" >>
/etc/tor/users/torrc-$d
        tor --RunAsDaemon 1 -f /etc/tor/users/torrc-$d
done

fuckyouhosting at ruggedinbox.com wrote:
> On 2014-12-01 01:46, fuckyouhosting at ruggedinbox.com wrote:
>> Hi List! We (try to) maintain a free hosting platform for hidden
>> service websites, here: http://fuckyouhotwkd3xh.onion
>> but recently all the hosted hidden services became unreachable.
>>
>> Tor logs are correctly reporting the problem:
>>
>> Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more
>> circuits than usual. Most likely this means the Tor network is
>> overloaded. Success counts are 147/210. Use counts are 86/86. 147
>> circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out.
>> For reference, your timeout cutoff is 60 seconds.
>>
>> Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits
>> than usual. Most likely this means the Tor network is overloaded.
>> Success counts are 122/178. Use counts are 91/92. 137 circuits
>> completed, 15 were unusable, 0 collapsed, and 17 timed out. For
>> reference, your timeout cutoff is 113 seconds.
>>
>> ...
>>
>> trying to change the Guard, by deleting the /var/lib/tor/state file,
>> results in the same problem and logs, just with a different Guard.
>>
>> Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
>> by deleting all the other hidden services in the torrc file,
>> 'solves' the problem .. logs looks ok and the service is reachable.
>>
>> It looks like we are hosting an 'offending' hidden service
>> which is the target of a (D)DOS attack.
>>
>> We tried to enable Tor debugging and to sniff some traffic
>> but were unable to find the offending hidden service.
>>
>> All the access.log and error.log of the hosted websites are ok,
>> they don't grow in size and don't log any flood.
>>
>> Even the bandwidth usage of the server looks ok, basically there is no
>> traffic.
>>
>>
>> So .. question: is there a way to understand which hidden service is
>> causing all this ?
>>
>> Suggestions are welcome!
>>
>> Thank you.
> 
> Hi again, it looks like we are in good company:
> https://lists.torproject.org/pipermail/tor-talk/2014-November/035787.html (Isolating
> a hidden service hit by DDOS)
> sorry for not noticing that before, we'll try to follow the same advises.

-- 
CYRUSERV Onionland Hosting: http://cyruservvvklto2l.onion/
PGP public key: http://cyruservvvklto2l.onion/contact
This email is just for mailing lists and private correspondence.
Please use cyrus_the_great at lelantos.org for business inquiries.

More information about the tor-talk mailing list