[tor-relays] Sent open privoxy port warning



I sent the following warning to the listed e-mail address of 14 of the 19
Tor nodes I found that accepted connections on port 8118, some of which
bounced.

If any of you run or know how to get in touch with the operators of the
nodes DaJoker, FawkesSwissBlade, LUDICROUS2U, RaspberryPI, pangu,
mouseHouse, tornonym, or 75.137.122.118, I'd appreciate if you could pass
this along.

Thanks!

                                    -- Aaron

---

I noticed your Tor node _ with an IP of _ is one of 19 nodes that accepts
connections publicly on TCP port 8118, which is the default port for
Privoxy.  I suspect this might be a configuration mistake.

I'm investigating this because my tor node "tordienet" has received millions
of HTTP proxy requests to port 8118 per day for months.  The requests appear
to come from a botnet running on roughly 1500 IPs, and seem to be
advertising click-fraud related.  From the discussion in July on the
tor-relays@xxxxxxxxxxxxxxxxxxxx mailing list (archive at
https://lists.torproject.org/pipermail/tor-relays/), this appears to be true
of many nodes.

Port 8118 is the default port for Privoxy, which comes bundled with Tor but
is meant to provide an HTTP proxy for you and your local users to browse
through and is not designed to be offered as a public service.  If you don't
use Privoxy, would you mind shutting it down?  Or if you do, can you move it
to a different port and/or only allow your own IPs to connect to it?

I'd be happy to provide more information or help you with the configuration
changes if I can.
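
An added example, not part of the original message: a small audit an operator could run over their own Privoxy configuration to see whether any `listen-address` is reachable from outside the machine and whether any `permit-access` rule is present. The sample config and the function names are constructed for illustration; `listen-address` and `permit-access` are Privoxy's own directives.

```python
import ipaddress

# Constructed sample config (not from any real relay).
SAMPLE_CONFIG = """\
listen-address  :8118
listen-address  127.0.0.1:8119
listen-address  [::1]:8120
listen-address  192.0.2.10:8118
"""

def split_listen(value):
    """Split a listen-address value into (host, port); host '' means all interfaces."""
    if value.startswith("["):                  # bracketed IPv6 literal, e.g. [::1]:8118
        host, _, rest = value[1:].partition("]")
        port = rest.lstrip(":")
    elif ":" in value:
        host, _, port = value.rpartition(":")
    else:
        host, port = value, ""
    return host, int(port) if port else 8118   # 8118 is the Privoxy default port

def is_local_only(host):
    """True if the listener is reachable only from the machine itself."""
    if host == "":
        return False                           # empty host binds every interface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # other hostname: treat as exposed

def audit(config_text):
    """Return (exposed listeners, whether any permit-access rule exists)."""
    exposed, has_acl = [], False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if not parts:
            continue
        key = parts[0].lower()
        if key == "permit-access":
            has_acl = True
        elif key == "listen-address" and len(parts) == 2:
            host, port = split_listen(parts[1].strip())
            if not is_local_only(host):
                exposed.append((host or "*", port))
    return exposed, has_acl

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An exposed listener with no `permit-access` rule is the open-proxy condition the warning describes; a rule being present still needs to be read to confirm it only admits the operator's own addresses.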