Eunos 06-23-2008 10:14 AM

Tor project enables anonymous hack attempts - how to combat it?
 
In the past 5 days, I've been getting swamped with email from registered forum users who are responding to the vB note that gets sent out when someone fails after 5 login attempts. Every one of them was telling me "it wasn't me".

Investigation of the IP addresses they're coming from reveals that they're bouncing off exit nodes from the Tor network. The Tor network is a distributed cryptographic anonymizing proxy service. It is not possible at this time to identify the actual source.

So in layman's terms - the hack attempts are coming from someone who is abusing the Tor network in order to anonymously attempt to log in to this forum as a legitimate user. If they succeed, they're most likely going to use it to spam the forum with ads.

I've been firewalling out IP addresses right and left, but this is proving to be useless since there are hundreds, or maybe thousands of Tor servers out there, and the hackers simply find another one to continue their barrage. And since Tor is totally anonymous, there's no way to identify the originator, and therefore no way to halt the break in attempts.

I found an abuse FAQ, and it has some hints on how to determine whether an IP is a Tor exit server.

What I'd like to do is have a hack that can identify a server as a Tor server, and simply block all registration and login attempts from those servers.

Has anyone done this? Any different suggestions?

KURTZ 06-23-2008 10:29 AM

Have you tried PM's hack 'proxy to real ip' add-on?

Eunos 06-23-2008 10:57 AM

How would that help?

Angel-Wings 06-26-2008 08:39 AM

That wouldn't help - no need to install it. About the problem - there's not much you can do :(

fedorama 06-26-2008 09:45 AM

I'm pretty sure there is something you can add server-side that will block all Tor IPs .. at least I remember reading that on the Tor project.
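Added example, not part of the thread and not vBulletin or Tor Project code: one way to do the server-side check discussed above is to match the client address of each login or registration request against a published list of Tor exit addresses, such as the bulk exit list the Tor Project publishes. The sketch assumes a one-address-per-line list; the function names and the sample data are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample in a one-address-per-line layout (assumed list format);
# documentation-range addresses, not real exit nodes.
SAMPLE_EXIT_LIST = """\
# constructed sample
192.0.2.10
198.51.100.77
2001:db8::5
not-an-ip
"""

# Constructed failed-login records: (username, source IP as logged).
SAMPLE_ATTEMPTS = [
    ("alice", "192.0.2.10"),
    ("bob", "203.0.113.4"),
    ("carol", "2001:0db8:0000:0000:0000:0000:0000:0005"),
    ("dave", "::ffff:198.51.100.77"),
]

def _normalize(text):
    """Parse an address; unwrap IPv4-mapped IPv6 so both forms compare equal."""
    addr = ipaddress.ip_address(text.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def load_exit_list(text):
    """Return a set of address objects, skipping comments and malformed lines."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(_normalize(line))
        except ValueError:
            continue  # a bad list entry must not break the login path
    return exits

def is_tor_exit(ip_text, exits):
    """True if the client address is on the list; unparsable input never matches."""
    try:
        return _normalize(ip_text) in exits
    except ValueError:
        return False

def blocked_attempts(attempts, exits):
    """Usernames whose attempt would be refused before the password check."""
    return [user for user, ip in attempts if is_tor_exit(ip, exits)]
```

Refusing the request before the password check means the attempt never counts toward the five-strike limit, so no warning email goes to the account holder. Exit nodes change often, so the list has to be refreshed on a schedule rather than loaded once.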

Eunos 06-26-2008 09:51 AM

It's really getting annoying, mostly because of the email that vB sends telling the account holder that someone tried to hack their account. So they get all worked up and scared, and they send me email telling me to delete their account - which I don't want to do because I hate having posts from someone named "Guest".

Alfa1 06-26-2008 11:45 AM

Proxy to IP is real helpful with identifying proxy users. Consider this hack:
https://vborg.vbsupport.ru/showthrea...ighlight=proxy
Note that it excludes safari users.

Dismounted 06-26-2008 12:42 PM

I don't think you understand the Tor network, Alfa1. Tor makes it pretty much impossible to locate where data originally came from, as it is passed from node to node before reaching its destination.

JoeBOBBillyTed 06-26-2008 12:57 PM

Why not disable the email? It won't fix the main problem, however it may stop the bleeding.

blind-eddie 06-26-2008 01:50 PM

Wildcard ban their IP within your host, not only your site.

