Protect Your Website – Block Tor Network Exit Nodes

What is the TorProject

The TorProject is a pretty cool option to help you preserve your anonymity on the internet.  Among other things, the Torproject created the Tor browser that allows you to surf without directly contacting the remote server.  What your network administrator sees is that you are connected to a Tor Entry point server.  The Tor network will then contact your destination server through one of many Tor Exit points.  Just as your network administrator will not know which servers you are contacting, the destination server will not know what your source ip address is when you are using the Tor network.

Anonymity has its Problems

While the Tor network has a remarkable upside, there are some issues that it can present.  Some of my other websites have been attacked by people using the Tor network to hide their identity.  This leads to the network being distrusted and is unfortunate.

TorProject Exit List Exporter

Because of the issue that I had, I needed a way to protect my websites from the tor exit list, and to the Torproject’s credit, they provide one for you.

Block Tor network exit nodes - Tor Bulk Exit List exporting tool webpage

Tor Bulk Exit List exporting tool webpage

They have created a webpage that you can find at:  https://check.torproject.org/cgi-bin/TorBulkExitList.py where you can type in your server’s ip address and it will give you the list of exit points that would be used to access your website.  As this list is dynamic and can change, you need to get an updated list frequently.

Block Tor network exit nodes and Automate the List Download

To resolve my problem on my other machine, I simply created a small script that will get the exit list and add the exit points to my iptables firewall.  Which you can see below.  You are welcome to use my script which is listed below.  Just put a comment in the comments section below and tell me how it works for you.  I put the script below in a file at the path:  /usr/local/sbin/gettorlist, then I ran chmod 700 /usr/local/sbin/gettorlist; chown root:root /usr/local/sbin/gettorlist.

# Gets List of the Torproject Exit Points that would access your ipaddress
#
# This URL gets the new list:
#
URL=’https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=<ENTER YOUR IP ADDRESS HERE>
TORIPLIST=.toriplistGETTORLIST()
{
/usr/bin/wget –no-check-certificate –output-document=${TORIPLIST} ${URL}
} # End of GETTORLIST

BLOCKADDRESSES()
{
# Create a chain named TORBLOCK.
/sbin/iptables -N TORBLOCK
# Flush the TORBLOCK chain.
/sbin/iptables -F TORBLOCK
# Return to parent chain if the source is not in the TORBLOCK chain.
/sbin/iptables -I TORBLOCK -j RETURN
# Then do this for each address to block:
# /sbin/iptables -I TORBLOCK -s IPADDRESS -j DROP
# We are doing the above in the loop below:

for node in `/bin/grep -v -e ^# ${TORIPLIST}`
do
/sbin/iptables -I TORBLOCK -s $node -j DROP
done

} # End of BLOCKADDRESSES

GETTORLIST
BLOCKADDRESSES

rm -f ${TORIPLIST}

Schedule with Crontab

Finally, I schedule it to run every hour or so with crontab.  This way, I get constant updates to the list in my firewall.  This has totally eliminated the attacks that I was getting from through the Tor network.  You can see the Tor Exit List ip addresses in your iptables firewall by typing:  “service iptables status”.

 

 

The following two tabs change content below.
Jeff has 20 years of professional IT experience, having done nearly everything in his roles of IT consultant, Systems Integrator, Systems Engineer, CNOC Engineer, Systems Administrator, Network Systems Administrator, and IT Director. If there is one thing he knows for sure, it is that there is always a simple answer to every IT problem and that downtime begins with complexity. Seasoned IT professional by day, Jeff hopes to help other IT professionals by blogging about his experiences at night on his blog: http://uptimemadeeasy.com. You can find Jeff on or LinkedIn at: LinkedIn or Twitter at: Twitter

Latest posts by Jeff Staten (see all)

3 comments for “Protect Your Website – Block Tor Network Exit Nodes

  1. Vasil Petrov
    December 18, 2014 at 4:22 pm

    Works for me with little rework. Good job, thank you 🙂
    Saved 45 minutes from my life with this.
    My version:
    #!/bin/bash
    {
    wget https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP_HERE -O /etc/rc.d/torrs
    }
    BLOCKADDRESSES()
    {
    /usr/sbin/iptables -N TORBLOCK
    /usr/sbin/iptables -F TORBLOCK
    /usr/sbin/iptables -I TORBLOCK -j RETURN

    for node in `/bin/grep -v -e ^# /etc/rc.d/torrs`
    do
    /usr/sbin/iptables -I TORBLOCK -s $node -j DROP
    done

    }.
    BLOCKADDRESSES

  2. Rick Chatham
    March 3, 2015 at 3:36 pm

    Thanks so much for putting this up! It completely stopped an attack that was taking our entire company down earlier today!

  3. TSPS
    February 22, 2017 at 6:30 am

    Thanks for the explanation. I used it but I saw that it wasn’t blocking anything from the list, but everything was loading OK from the files into iptables..

    I added this:

    /sbin/iptables -D INPUT -j TORBLOCK
    /sbin/iptables -I INPUT -j TORBLOCK

    just after creating the TORBLOCK with the -N option… now it works perfectly.. the list wasn’t being called to process…

Leave a Reply

Your email address will not be published. Required fields are marked *