lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Jun 5 14:18:47 2006 From: michael.holstein at csuohio.edu (Michael Holstein) Subject: Tool Release - Tor Blocker > Recently our servers were hacked by a tor user and we were unable to > prosecute due to not being able to trace the source as the user was > using this malicious piece of software to keep his/her anonymity. TOR isn't malicious. Privacy is a precious thing these days. Don't blame TOR because you failed to secure your Apache install. Your .sig line is funny, considering just blocking TOR with a 403 is really just smoke and mirrors. > To mitigate most tor attackers we've written an apache module designed > to give tor users a 403 error when visiting a specific website. We > suggest all administrators whom do not wish a malicious tor user to > visit and possibly deface their website to enable the usage of this > module. This may not get all attackers, but hopefully it raises the > security bar just a little bit more to safeguard ourselves from hackers. Why not just use mod_access_rbl and something like : http://www.ahbl.org/notices/tor.php /mike.
Powered by blists - more mailing lists