Would it be possible to block Tor users? (https://www.torproject.org/)
Due to the nature of the site I run I should do all I can to stop multiple accounts and block certain locations. Tor is worse than proxies - a total nightmare...
The most common way to block Tor traffic would be to locate an updating list of Tor exit nodes and configure a firewall to block these nodes. A company policy to prevent Tor use may also go a long way to cease its use.
To block Tor, you need to set up both a Firewall rule and a HTTPS Decrypt and Inspect policy: Set up a Firewall rule to block the Tor layer 7 signature, see our help topic, Adding new Smoothwall Firewall rules: Go to Network > Firewall > Firewall rules. Click Add section, type the Name "Tor" and click Save changes.
Tor is often blocked by administrators of certain networks. One way around this is to use bridges which shouldn't be detectable as Tor nodes. If the blockage is more sophisticated and uses deep packet inspection, you may need to use an additional tool, such as Pluggable Transports (see below).
Under App Control Advanced, select PROXY-ACCESS under Category. Select Tor under Application and then click on the Configure button. A pop-up window appears, select Enable under the Block and Log fields. Click OK to save.
Tor is much easier to block than other open proxies since the list of exit IP addresses is known and published. Read the answer at https://www.torproject.org/docs/faq-abuse.html.en#Bans and if you still want to block users from accessing your site you could use https://www.torproject.org/projects/tordnsel.html.en or the Bulk Exit List exporting tool.
If you use the Bulk Exit List exporting tool be sure to get a fresh list often and expire the old blocks since the list of IP addresses change.
Blocking Tor is wrong because (ab)users and IP addresses are not the same. By blocking Tor you will also block legitimate users and harmless restricted Tor exit nodes configured with conservative exit policies.
For example, if you concerned about attacks on SSH (port 22) then blocking only Tor will do little to increase security. What you really might need is dynamic synchronised blacklist like http://denyhosts.sourceforge.net/ that track offenders disregarding of their affiliation with Tor.
Denyhosts will automatically block Tor exit nodes that allow Tor to access port 22 without unnecessary denying access to anonymous users and operators of Tor exit nodes who never let offenders to attack your SSH services.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With