[tor-talk] (D)DOS over Tor network ? Help !
cyrus_the_great at riseup.net
Sun Dec 7 12:42:09 UTC 2014
It was much easier to start running every hidden service as a separate
process. I did it with this lazy bash script, after moving all the
hidden services into a folder called called /var/lib/tor/auto and
creatinv configs in /etc/tor/users from a template called
/etc/tor/torrc-unique - that template has values called %PORT% and %USER%
I will improve the shell script so it is also an interface to add new
hidden services, and stop old ones by name only.
find * -type d | while read d; do
cp /etc/tor/torrc-unique /etc/tor/users/torrc-$d
sed -i "s/%USER%/$d/g" /etc/tor/users/torrc-$d
sed -i "s/%PORT%/$p/g" /etc/tor/users/torrc-$d
p=`expr $p + 1`
echo "HiddenServiceDir /var/lib/tor/auto/$d" >>
echo "HiddenServicePort 80 192.168.0.3:80" >>
echo "HiddenServicePort 22 192.168.0.3:22" >>
tor --RunAsDaemon 1 -f /etc/tor/users/torrc-$d
fuckyouhosting at ruggedinbox.com wrote:
> On 2014-12-01 01:46, fuckyouhosting at ruggedinbox.com wrote:
>> Hi List! We (try to) maintain a free hosting platform for hidden
>> service websites, here: http://fuckyouhotwkd3xh.onion
>> but recently all the hosted hidden services became unreachable.
>> Tor logs are correctly reporting the problem:
>> Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more
>> circuits than usual. Most likely this means the Tor network is
>> overloaded. Success counts are 147/210. Use counts are 86/86. 147
>> circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out.
>> For reference, your timeout cutoff is 60 seconds.
>> Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits
>> than usual. Most likely this means the Tor network is overloaded.
>> Success counts are 122/178. Use counts are 91/92. 137 circuits
>> completed, 15 were unusable, 0 collapsed, and 17 timed out. For
>> reference, your timeout cutoff is 113 seconds.
>> trying to change the Guard, by deleting the /var/lib/tor/state file,
>> results in the same problem and logs, just with a different Guard.
>> Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
>> by deleting all the other hidden services in the torrc file,
>> 'solves' the problem .. logs looks ok and the service is reachable.
>> It looks like we are hosting an 'offending' hidden service
>> which is the target of a (D)DOS attack.
>> We tried to enable Tor debugging and to sniff some traffic
>> but were unable to find the offending hidden service.
>> All the access.log and error.log of the hosted websites are ok,
>> they don't grow in size and don't log any flood.
>> Even the bandwidth usage of the server looks ok, basically there is no
>> So .. question: is there a way to understand which hidden service is
>> causing all this ?
>> Suggestions are welcome!
>> Thank you.
> Hi again, it looks like we are in good company:
> https://lists.torproject.org/pipermail/tor-talk/2014-November/035787.html (Isolating
> a hidden service hit by DDOS)
> sorry for not noticing that before, we'll try to follow the same advises.
CYRUSERV Onionland Hosting: http://cyruservvvklto2l.onion/
PGP public key: http://cyruservvvklto2l.onion/contact
This email is just for mailing lists and private correspondence.
Please use cyrus_the_great at lelantos.org for business inquiries.
More information about the tor-talk