Pwnd2Pwnr Posted November 5, 2012 Share Posted November 5, 2012 I just wanted to ask about the use of TOR and the forums. I can't access my account whenever I try to sign in... I understand "why" to an extent; but is there a workaround? I would like to remain semi anonymous while accessing anything. Facebook tried to lock me out... just had to let them know that I recently moved to Germany (in 20 minutes) and answer security questions. Will TOR ever be allowed here? Cold as hell outside... stay warm! Quote Link to comment Share on other sites More sharing options...
Radau Posted November 5, 2012 Share Posted November 5, 2012 While I'm not sure the exact reason it's blocked I do know that a majority of nodes on Tor are monitored now so it's probably not the best idea to log in through tor alone. You could try to set up a proxychain on top of tor or a vpn. If you do either of those it should let you access the site unless they're strictly against proxies and vpns. I'm not sure but I think Cyberghost still offers a free 2 gigs of data on their free vpn option so you can test with that if you want to. Quote Link to comment Share on other sites More sharing options...
whitehat Posted November 6, 2012 Share Posted November 6, 2012 Most hacking forums do try to block proxy services including Tor/VPN/web proxies, to keep people from randomly uploading virii and other abuse. Obviously this is a situation where there's paradox between your best interest and the interests of the website. So, I do like Radau said and use proxy chains. Go ahead and connect through Tor or I2P or VPN, then bounce on over to some place like http://spys.ru where the proxies are so fresh that the webmaster's scrape box or service won't be able to keep up with you. Alternately, you can log on your anonymous network, go win a contest or perform a service like graphic design to earn some LR or btc then use that to buy a dedicated IP proxy, so that you can use the same one every time. I think within the Vidalia software you can set that up, but if not just use FoxyProxy within your Tor browser. Quote Link to comment Share on other sites More sharing options...
digip Posted November 6, 2012 Share Posted November 6, 2012 (edited) TOR is great for reaching most sites, but every time you use TOR few things happen. 1, your country and IP changes, and 2, some sites use cookies that store the original data in them. If you delete your cookies, then re-login, most sites will still work. However, like myself, I block TOR on my own sites, mainly because people abuse it to hack other sites, and 99% of the traffic I get from TOR, have all been attacks on my site. Thats why I wrote TOR Block for WordPress. http://www.attack-sc...-tor-we-do-but/ You can see on that page, how many TOR users I have already blocked. I can pretty much guarantee, all of them we're attackers, based on the history of TOR users who visit my site, and the fact I log all attacks on the site, so I can see where and who they are. TOR publishes a list of its exit nodes, and many sites, possibly even Facebook, might block it, or just have notices, hey, Bob from Kansas suddenly logged in from Germany 5 minutes later, and oh look, 10 minutes later, his IP is now France. Yeah, that throws off all kinds of alerts for sites the keep track of that kind of data, and I could imagine Facebook, with the way they hook into everything, like Google does, would know when you changed IP and Country of Origin, and as such, might block access to your account if they see continual logins from multiple locations. Especially if they see its from TOR alone. Edited November 6, 2012 by digip Quote Link to comment Share on other sites More sharing options...
whitehat Posted November 6, 2012 Share Posted November 6, 2012 (edited) Tor block for WordPress? Nice. Is it FOSS? ah, i see it's $10 proprietary. money, money, dollar, dollar bill y'all ;) How do you know it blocked 249 users tho, not just 1 user 249 times? One thing I meant to mention to pwnedtopwner that's relevant is the "New Identity" feature of Vidalia. If you hit that enough times eventually you'll get a new node that works. That could also cause upward bias in the detected number of blocked users. Edited November 6, 2012 by whitehat Quote Link to comment Share on other sites More sharing options...
Gh3to Posted November 6, 2012 Share Posted November 6, 2012 Not to mention sniffing on tor ;) Quote Link to comment Share on other sites More sharing options...
digip Posted November 6, 2012 Share Posted November 6, 2012 Tor block for WordPress? Nice. Is it FOSS? ah, i see it's $10 proprietary. money, money, dollar, dollar bill y'all ;) How do you know it blocked 249 users tho, not just 1 user 249 times? One thing I meant to mention to pwnedtopwner that's relevant is the "New Identity" feature of Vidalia. If you hit that enough times eventually you'll get a new node that works. That could also cause upward bias in the detected number of blocked users. It counts blocked TOR nodes, not so much individual IP's, but if I turn it off and showed you the logs, you'd see, its not the same person over and over. Especially with how TOR works, you don't always get the same TOR exit node every time you sign on to it. Thats kind of the point, you want it to randomize the nodes you use, but for the most part, all the TOR nodes return the same country code when you do GeoIP lookups, they in general return Anonymous Proxy. The plug-in, only counts IP's that match the TOR node list, and then counts them + blocks them at the same time. Try TOR and go to my site, you will see for yourself, change your TOR route a few times, see what happens. I have to manually update the list every so often, since TOR us also a dynamic service, with varying exit nodes and users on its service at any given time, but for the most part, it does what I need to fend off most ankle biters who abuse TOR to attack my sites, which is why I made the plug-in. Quote Link to comment Share on other sites More sharing options...
michael_kent123 Posted November 8, 2012 Share Posted November 8, 2012 What do these Tor users do to attack your site? And could they not anonymise themselves through VPNs instead? VPNs are much quicker than Tor and also there are so many of them. Quote Link to comment Share on other sites More sharing options...
digip Posted November 8, 2012 Share Posted November 8, 2012 What do these Tor users do to attack your site? And could they not anonymise themselves through VPNs instead? VPNs are much quicker than Tor and also there are so many of them. Mostly people trying RFI attacks, such as TimThumb plug-in attacks, or looking for uploadify, to add their reverse shells to my site, which I don't run either of those plug-ins nor ever will. Even if they used a VPN though, I would still block them but TOR Blocker preempts them from being able to use TOR, since I regularly download a list of TOR exit nodes and IP's to block. Quote Link to comment Share on other sites More sharing options...
Pwnd2Pwnr Posted November 14, 2012 Author Share Posted November 14, 2012 (edited) Wow... I have been busy lately and have not had a chance to check the post. I would never want to hack Hak5... that is lame. But, on the flip side... I love my incognito browsing (especially Facebook ;) , because we all know how they make their CREAM... dolla dolla bill ya'll...) Digip... so is it the bastards on the TOR attacking you so you can't kick the snot out of there box? I don't understand why folks attack websites made by people who contribute so much... alas... haters gonna hate... lol. As for proxychains... I would only want to set it up for my Metasploit and other various programs... but I just simply don't have the time lately... You guys rock! Edited November 14, 2012 by Pwnd2Pwnr Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.