PHP Classes

PLEASE DO NOT!

Recommend this page to a friend!

      UnTor  >  All threads  >  PLEASE DO NOT!  >  (Un) Subscribe thread alerts  
Subject:PLEASE DO NOT!
Summary:THIS IS SO BAD IN 1000s OF WAYS
Messages:2
Author:francesco M. munafò
Date:2017-07-03 15:58:56
 

  1. PLEASE DO NOT!   Reply   Report abuse  
Picture of francesco M. munafò francesco M. munafò - 2017-07-03 15:58:56
“Blocking the access of users that use the Tor network may be one way to inhibit the abuse of sites by criminals and people with bad intentions.“

Also shutting down your own server is one way to do so!



THIS IS SO BAD IN 1000s OF WAYS


Just a few samples:

- IPs come and go, you will end up locking out legitimate users and pissing off random people.

- An IP address is not a computer!!! If you lock an IP because once it was a TOR node you may be locking an entire subnetwork. My IP is shared with a whole network of residential cable subscribers.

- The Tor network has been used more often yo hide the identity of legitimate users from abusive governments (China?) than few criminals. You may shut down entire countries while helping to make the world a worse place. TOR is more for freedom fighters, botnets for cyber criminals (see below). Why would you want to do that.

- TOR is a free project to HELP people be free, you are referring to it as a bunch of criminals... WTF???

- Why would anyone want to block a user in general, if it has legitimate access to your site? That is unless you are Netflix and try to impose some sort of country based copyright limitation (you should probably avoid it, anyway). And if it doesn't have legitimate access, then, TOR or not, you should block him.

- It just doesn't work. If it did work Netflix would use this trick and block you from using content from abroad. It will make you feel it works, but TOR users will connect anyway (just change IP untill they get a new one you don't have) and legitimate users will get cut off (with no hope). LISTS DO NOT WORK.

- Attackers and criminals use botnets, they pilot unknown user infected computers to perform malicious acts. They have millions of clean IP addresses of ordinary network users. They don't need TOR! If a DOS attack or a brute force came from a few listed IP addresses your site should notice (1000 accesses from the same IP), you don't need to check an obsolete list of TOR network nodes.

JUST DON'T!

  2. Re: PLEASE DO NOT!   Reply   Report abuse  
Picture of Romeu Gamelas Romeu Gamelas - 2017-07-03 18:55:01 - In reply to message 1 from francesco M. munafò
Don't waste my time with boring and old fallacies!

ie. Using Tor to access a web store is like showing up at store front with a women's socket covering your face. Why would you do that?
In the same fashion you think it's your right to proxy out, site owners have the right to not accept you there.

It takes to be a full time hacker to have and manage a botnet, but every script kiddie has access to Tor, a Tor user registering at a shop is a suspicious activity and its owner is more likely to get a stolen/phished paypal or credit card and run into troubles afterwards.
And what to say about kids brutte-forcing login pages?

Besides this script blocks known exit nodes, not subnets or IP ranges, so no "legit user" will get blocked by it.