Re: [Full-disclosure] Tool Release - Tor Blocker



Recently our servers were hacked by a tor user and we were unable to prosecute due to not being able to trace the source as the user was using this malicious piece of software to keep his/her anonymity.

TOR isn't malicious. Privacy is a precious thing these days.

Don't blame TOR because you failed to secure your Apache install. Your .sig line is funny, considering just blocking TOR with a 403 is really just smoke and mirrors.

To mitigate most tor attackers we've written an apache module designed to give tor users a 403 error when visiting a specific website. We suggest all administrators whom do not wish a malicious tor user to visit and possibly deface their website to enable the usage of this module. This may not get all attackers, but hopefully it raises the security bar just a little bit more to safeguard ourselves from hackers.

Why not just use mod_access_rbl and something like : http://www.ahbl.org/notices/tor.php

/mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/