Date: Mon, 08 Dec 2014 22:11:28 +0000
From: fuckyouhosting@ruggedinbox.com
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] (D)DOS over Tor network ? Help !

Hi, yes, we agree; we think that this is currently the best solution.
We'll upgrade our hardware asap, adjust the scripts to have a dedicated
Tor daemon for each virtual host and hopefully move on.


On 2014-12-07 12:42, Cyrus wrote:
> It was much easier to start running every hidden service as a separate
> process. I did it with this lazy bash script, after moving all the
> hidden services into a folder called /var/lib/tor/auto and
> creating configs in /etc/tor/users from a template called
> /etc/tor/torrc-unique - that template has values called %PORT% and %USER%
> 
> I will improve the shell script so it is also an interface to add new
> hidden services, and stop old ones by name only.
> 
> #!/bin/bash
> 
> # Value substituted for %PORT%; incremented for each hidden service.
> p="10000"
> 
> cd /var/lib/tor/auto || exit 1
> # One torrc and one tor process per hidden service directory.
> find * -type d | while read -r d; do
>         cp /etc/tor/torrc-unique "/etc/tor/users/torrc-$d"
>         sed -i "s/%USER%/$d/g" "/etc/tor/users/torrc-$d"
>         sed -i "s/%PORT%/$p/g" "/etc/tor/users/torrc-$d"
>         p=$((p + 1))
>         echo "HiddenServiceDir /var/lib/tor/auto/$d" >> "/etc/tor/users/torrc-$d"
>         echo "HiddenServicePort 80 192.168.0.3:80" >> "/etc/tor/users/torrc-$d"
>         echo "HiddenServicePort 22 192.168.0.3:22" >> "/etc/tor/users/torrc-$d"
>         tor --RunAsDaemon 1 -f "/etc/tor/users/torrc-$d"
> done
> 
> fuckyouhosting@ruggedinbox.com wrote:
>> On 2014-12-01 01:46, fuckyouhosting@ruggedinbox.com wrote:
>>> Hi List! We (try to) maintain a free hosting platform for hidden
>>> service websites, here: http://fuckyouhotwkd3xh.onion
>>> but recently all the hosted hidden services became unreachable.
>>> 
>>> Tor logs are correctly reporting the problem:
>>> 
>>> Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more
>>> circuits than usual. Most likely this means the Tor network is
>>> overloaded. Success counts are 147/210. Use counts are 86/86. 147
>>> circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out.
>>> For reference, your timeout cutoff is 60 seconds.
>>> 
>>> Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits
>>> than usual. Most likely this means the Tor network is overloaded.
>>> Success counts are 122/178. Use counts are 91/92. 137 circuits
>>> completed, 15 were unusable, 0 collapsed, and 17 timed out. For
>>> reference, your timeout cutoff is 113 seconds.
>>> 
>>> ...
>>> 
>>> trying to change the Guard, by deleting the /var/lib/tor/state file,
>>> results in the same problem and logs, just with a different Guard.
>>> 
>>> Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
>>> by deleting all the other hidden services in the torrc file,
>>> 'solves' the problem .. logs look ok and the service is reachable.
>>> 
>>> It looks like we are hosting an 'offending' hidden service
>>> which is the target of a (D)DOS attack.
>>> 
>>> We tried to enable Tor debugging and to sniff some traffic
>>> but were unable to find the offending hidden service.
>>> 
>>> All the access.log and error.log of the hosted websites are ok,
>>> they don't grow in size and don't log any flood.
>>> 
>>> Even the bandwidth usage of the server looks ok, basically there is
>>> no traffic.
>>> 
>>> 
>>> So .. question: is there a way to understand which hidden service is
>>> causing all this ?
>>> 
>>> Suggestions are welcome!
>>> 
>>> Thank you.
>> 
>> Hi again, it looks like we are in good company:
>> https://lists.torproject.org/pipermail/tor-talk/2014-November/035787.html
>> (Isolating a hidden service hit by DDOS)
>> sorry for not noticing that before, we'll try to follow the same
>> advice.
> 
> --
> CYRUSERV Onionland Hosting: http://cyruservvvklto2l.onion/
> PGP public key: http://cyruservvvklto2l.onion/contact
> This email is just for mailing lists and private correspondence.
> Please use cyrus_the_great@lelantos.org for business inquiries.
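
Added example, not part of the original thread: once every hidden service runs in its own Tor daemon, the "failing more circuits than usual" notices quoted above can be counted per service to find the one being hit. It assumes each per-service torrc writes its own log with "Log notice file <logdir>/<name>.log" (the torrc-unique template is not shown in the thread, so that path is hypothetical); the sample logs, service names and guard names are constructed.

```shell
#!/bin/bash
# Added example (not from the thread): rank per-service Tor logs by the
# timed-out circuit counts in "failing more circuits than usual" notices.
# Assumption: each per-service torrc has "Log notice file <logdir>/<name>.log".

# Print "<timed_out> <completed> <service>" per log file, worst first.
rank_services() {
    for f in "$1"/*.log; do
        [ -e "$f" ] || continue
        awk -v svc="$(basename "$f" .log)" '
            /is failing more circuits than usual/ {
                for (i = 2; i < NF; i++) {
                    if ($i == "timed" && $(i+1) ~ /^out/) timed += $(i-1)
                    if ($i == "circuits" && $(i+1) ~ /^completed/) ok += $(i-1)
                }
            }
            END { printf "%d %d %s\n", timed, ok, svc }
        ' "$f"
    done | sort -k1,1nr -k3,3
}

# Name of the service whose daemon reports the most timed-out circuits.
worst_service() {
    rank_services "$1" | awk 'NR == 1 { print $3 }'
}

# Constructed sample logs: names, dates and counts are made up.
make_sample_logs() {
    n="is failing more circuits than usual. Most likely this means the Tor network is overloaded."
    cat > "$1/site-a.log" <<EOF
Dec 01 10:00:00.000 [notice] Your Guard GuardA (XXX) $n Success counts are 150/160. Use counts are 90/90. 150 circuits completed, 0 were unusable, 0 collapsed, and 3 timed out. For reference, your timeout cutoff is 60 seconds.
EOF
    cat > "$1/site-b.log" <<EOF
Dec 01 10:00:00.000 [notice] Your Guard GuardB (XXX) $n Success counts are 147/210. Use counts are 86/86. 147 circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out. For reference, your timeout cutoff is 60 seconds.
Dec 01 11:00:00.000 [notice] Your Guard GuardC (XXX) $n Success counts are 122/178. Use counts are 91/92. 137 circuits completed, 15 were unusable, 0 collapsed, and 17 timed out. For reference, your timeout cutoff is 113 seconds.
EOF
    echo "Dec 01 10:00:00.000 [notice] Bootstrapped 100%: Done." > "$1/site-c.log"
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
rank_services "$demo_dir"    # one line per service, most timeouts first
rm -rf "$demo_dir"
```

A service whose timed-out count is far above the others, relative to its completed circuits, is the one to keep isolated while the rest stay reachable.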

