[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Sent open privoxy port warning
I sent the following warning to the listed e-mail address of 14 of the 19
Tor nodes I found that accepted connections on port 8118, some of which
bounced.
If any of you run or know how to get in touch with the operators of the
nodes DaJoker, FawkesSwissBlade, LUDICROUS2U, RaspberryPI, pangu,
mouseHouse, tornonym, or 75.137.122.118, I'd appreciate if you could pass
this along.
Thanks!
-- Aaron
---
I noticed your Tor node _ with an IP of _ is one of 19 nodes that accepts
connections publicly on TCP port 8118, which is the default port for
Privoxy. I suspect this might be a configuration mistake.
I'm investigating this because my tor node "tordienet" has received millions
of HTTP proxy requests to port 8118 per day for months. The requests appear
to come from a botnet running on roughly 1500 IPs, and seem to be
advertising click-fraud related. From the discussion in July on the
tor-relays@xxxxxxxxxxxxxxxxxxxx mailing list (archive at
https://lists.torproject.org/pipermail/tor-relays/), this appears to be true
of many nodes.
Port 8118 is the default port for Privoxy, which comes bundled with Tor but
is meant to provide an HTTP proxy for you and your local users to browse
through and is not designed to be offered as a public service. If you don't
use Privoxy, would you mind shutting it down? Or if you do, can you move it
to a different port and/or only allow your own IPs to connect to it?
I'd be happy to provide more information or help you with the configuration
changes if I can.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays