[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <44842F23.5030009@csuohio.edu>
Date: Mon Jun 5 14:18:47 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: Tool Release - Tor Blocker
> Recently our servers were hacked by a tor user and we were unable to
> prosecute due to not being able to trace the source as the user was
> using this malicious piece of software to keep his/her anonymity.
TOR isn't malicious. Privacy is a precious thing these days.
Don't blame TOR because you failed to secure your Apache install. Your
.sig line is funny, considering just blocking TOR with a 403 is really
just smoke and mirrors.
> To mitigate most tor attackers we've written an apache module designed
> to give tor users a 403 error when visiting a specific website. We
> suggest all administrators whom do not wish a malicious tor user to
> visit and possibly deface their website to enable the usage of this
> module. This may not get all attackers, but hopefully it raises the
> security bar just a little bit more to safeguard ourselves from hackers.
Why not just use mod_access_rbl and something like :
http://www.ahbl.org/notices/tor.php
/mike.
Powered by blists - more mailing lists