[tor-talk] OnionBalance Hidden Service has over 1 million successful hits in just 3 days
thomaswhite at riseup.net
Thu Jul 9 09:58:03 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
304 is people visiting using the Tor browser where the data is cached,
304 just lets it know the cache data is still valid instead of
404 look like they might be either scanners or some cases, and in
other just look like random attempts to find pages. Here is an exampe:
127.0.0.1 - - [redacted redacted] "GET /id=123 HTTP/1.1" 404 432 "-"
"Mozilla/5.0 (Windows NT 6.1; rv: 31.0) Geck0/20100101 Firefox/31.0
(Tor Browser Bundle)"
Here is a 403 attempt to get the mod_status module in apache installs.
127.0.0.1 - - [redacted redacted] "GET /server-status HTTP/1.1" 403
402 "-" "-"
So afaik just people crawling to find details on the site or looking
if we have some vulnerability.
On 09/07/2015 07:12, Jim wrote:
> Ben wrote:
>> I forgot to tell it to add a timestamp, so comparison against
>> your logs would be nigh on impossible - have set the same script
>> running with timestamps added, will keep an eye to see whether
>> any failed connections have been logged.
>> I do, however, have some entries in my tor client logs
>> Jul 08 09:03:55.000 [notice] Rend stream is 120 seconds late.
>> Giving up on address '[scrubbed].onion'.
> For various reasons I have only been able to make a few
> connections, but they have been more than 10 minutes apart so, as
> I understand it, they should all have established new circuits.
> This was scripted using wget. I have had over 40 successes with
> one failure, logged as follows (I have adjusted the time to UTC):
> Jul 9 05:10:23 host Tor: Tried for 120 seconds to get a
> connection to [scrubbed]:80. Giving up. (waiting for rendezvous
> Following this failure I have had some successes. (Initially I
> thought maybe the test site had been shut down.)
> Also, Thomas, I am wondering if you can explain what the 304 (Not
> Modified), 404 (Not Found), and 403 (Forbidden) codes were caused
> by. I suppose for 404 somebody could have requested a
> non-existent page on the site, but the other two have me baffled.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the tor-talk