[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How long does it take for websites to discover new exit nodes?



I have a confession to make. 

I have probably blocked Tor, unintentionally at least. But any blocking I’d turned on has been turned off. 

Maybe for up to 14 years it’s been pretty easy for website operators to see basic log information like IP addresses connecting to the website and CPU use. Over the years a pattern emerged that some IP addresses seemed to be extremely aggressive in page requests. 

Over time I decided those IP addresses were proxies of some sort, at times I blocked them, at times I didn’t. When I performed a simple whois IPv4 on the addresses, usually it was clearly a computer in a large hosting environment. It was not clear to me if they were running wget or similar in a horrible fashion and abusing my website, or just an exit point for a proxy. Since I don’t charge money and don’t run ads, I just want to publish, I didn’t dig deep in the reasons, I just clicked “Block IP” in my CMS admin webpage. Which I hoped would be enough to at least let a few of the other IP addresses on the Internet connect. ;-) I also hoped the ignorant bullies would give up and the truly interested would pursue another avenue.

jiggytwiggy, hopefully that sheds some light on the question in the subject line “How long does it take for websites to discover new exit nodes?” at least from the perspective of a website admin who runs on modest hardware. Sometimes it’s as soon as they load an admin webpage and it gives them some feedback on IP addresses of visitors: # hits, & CPU use. I totally admit the IPs may not be Tor exit nodes, but it’s possible they are. And it depends on if those hits equate to paying customers, a huge hosting bill, or a throttled website. 

Your next question has a definite implication of automated checking of the Tor exit node list. 
> “Does anyone know how often sites check the public exit node IP list and add them to their databases of exit nodes?”
It appears this list can be checked at any time in a few ways, so the answer is subjective. In my limited experience, I would say I’ve encountered about 5 fairly memorable pages that recur at seemingly unrelated websites, which seemed to me to be intentionally blocking Tor. All designed to make it look like a technical issue that I should perhaps report, or else a website might say something bland about how they like the European Union “but due to xyzzy we can’t show the page,” i.e. they block Tor. 

The bad news is some of those websites don’t allow any access, not even with a hurdle, and they perhaps abusively reload the Tor exit node list. The good news is some sites that totally block Tor can still be accessed after clicking ‘New Circuit for this Site;’ so clearly those systems check the Tor exit node list less frequently.

The Tor Project server which provides the exit node list says it logs no IP addresses of visitors; so it sounds like it’s impossible. Not to mention they could be using Tor to load it. :-) Also, based on my limited reading, while I’ve been trying to learn about the technical sides of Tor, it’s become clear that some people hate Tor, so my guess is among the attacks they engage in is a repetitive reloading of the exit node page; thus page count won’t mean much. 



> On May 19, 2019, at 7:38am, Iain Learmonth <irl@xxxxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> On 19/05/2019 00:38, jiggytwiggy@xxxxxxxxxxxxx wrote:
>> As we know, many sites block Tor while others have awful CAPTCHAs.
>> 
>> However, new exit nodes are created all the time.
>> 
>> Does anyone know how often sites check the public exit node IP list and
>> add them to their databases of exit nodes?
> 
> It is likely true that many sites that block Tor do so due to the
> detection of a single abuse event. When you have ~2 million simultaneous
> users sharing a couple of thousand IP addresses, this is going to
> happen. They may not be specifically blocking Tor, although in other
> cases they are.
> 
> The topic of exit censorship is an open research question. Some options
> were described in:
> 
> https://blog.torproject.org/tors-open-research-topics-2018-edition#exit-censorship
> 
> Thanks,
> Iain.
> 
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk