[tor-talk] (D)DOS over Tor network ? Help !
fuckyouhosting at ruggedinbox.com
fuckyouhosting at ruggedinbox.com
Mon Dec 8 22:11:28 UTC 2014
Hi yes we agree, we think that this is the best solution, currently.
We'll upgrade our hardware asap, adjust the scripts to have a dedicated
Tor daemon for each virtual host and hopefully move on.
On 2014-12-07 12:42, Cyrus wrote:
> It was much easier to start running every hidden service as a separate
> process. I did it with this lazy bash script, after moving all the
> hidden services into a folder called called /var/lib/tor/auto and
> creatinv configs in /etc/tor/users from a template called
> /etc/tor/torrc-unique - that template has values called %PORT% and
> %USER%
>
> I will improve the shell script so it is also an interface to add new
> hidden services, and stop old ones by name only.
>
> #!/bin/bash
>
> p="10000"
>
> cd /var/lib/tor/auto
> find * -type d | while read d; do
> cp /etc/tor/torrc-unique /etc/tor/users/torrc-$d
> sed -i "s/%USER%/$d/g" /etc/tor/users/torrc-$d
> sed -i "s/%PORT%/$p/g" /etc/tor/users/torrc-$d
> p=`expr $p + 1`
> echo "HiddenServiceDir /var/lib/tor/auto/$d" >>
> /etc/tor/users/torrc-$d
> echo "HiddenServicePort 80 192.168.0.3:80" >>
> /etc/tor/users/torrc-$d
> echo "HiddenServicePort 22 192.168.0.3:22" >>
> /etc/tor/users/torrc-$d
> tor --RunAsDaemon 1 -f /etc/tor/users/torrc-$d
> done
>
> fuckyouhosting at ruggedinbox.com wrote:
>> On 2014-12-01 01:46, fuckyouhosting at ruggedinbox.com wrote:
>>> Hi List! We (try to) maintain a free hosting platform for hidden
>>> service websites, here: http://fuckyouhotwkd3xh.onion
>>> but recently all the hosted hidden services became unreachable.
>>>
>>> Tor logs are correctly reporting the problem:
>>>
>>> Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more
>>> circuits than usual. Most likely this means the Tor network is
>>> overloaded. Success counts are 147/210. Use counts are 86/86. 147
>>> circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out.
>>> For reference, your timeout cutoff is 60 seconds.
>>>
>>> Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits
>>> than usual. Most likely this means the Tor network is overloaded.
>>> Success counts are 122/178. Use counts are 91/92. 137 circuits
>>> completed, 15 were unusable, 0 collapsed, and 17 timed out. For
>>> reference, your timeout cutoff is 113 seconds.
>>>
>>> ...
>>>
>>> trying to change the Guard, by deleting the /var/lib/tor/state file,
>>> results in the same problem and logs, just with a different Guard.
>>>
>>> Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
>>> by deleting all the other hidden services in the torrc file,
>>> 'solves' the problem .. logs looks ok and the service is reachable.
>>>
>>> It looks like we are hosting an 'offending' hidden service
>>> which is the target of a (D)DOS attack.
>>>
>>> We tried to enable Tor debugging and to sniff some traffic
>>> but were unable to find the offending hidden service.
>>>
>>> All the access.log and error.log of the hosted websites are ok,
>>> they don't grow in size and don't log any flood.
>>>
>>> Even the bandwidth usage of the server looks ok, basically there is
>>> no
>>> traffic.
>>>
>>>
>>> So .. question: is there a way to understand which hidden service is
>>> causing all this ?
>>>
>>> Suggestions are welcome!
>>>
>>> Thank you.
>>
>> Hi again, it looks like we are in good company:
>> https://lists.torproject.org/pipermail/tor-talk/2014-November/035787.html
>> (Isolating
>> a hidden service hit by DDOS)
>> sorry for not noticing that before, we'll try to follow the same
>> advises.
>
> --
> CYRUSERV Onionland Hosting: http://cyruservvvklto2l.onion/
> PGP public key: http://cyruservvvklto2l.onion/contact
> This email is just for mailing lists and private correspondence.
> Please use cyrus_the_great at lelantos.org for business inquiries.
More information about the tor-talk
mailing list