Date: Mon, 01 Dec 2014 01:46:07 +0000
From: fuckyouhosting@ruggedinbox.com
To: tor-talk@lists.torproject.org
Message-ID: <d44c9fb94badc9743f9491dc11db52c0@ruggedinbox.com>
Subject: [tor-talk] (D)DOS over Tor network ? Help !

Hi List! We (try to) maintain a free hosting platform for hidden service 
websites, here: http://fuckyouhotwkd3xh.onion
but recently all the hosted hidden services became unreachable.

Tor logs are correctly reporting the problem:

Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more 
circuits than usual. Most likely this means the Tor network is 
overloaded. Success counts are 147/210. Use counts are 86/86. 147 
circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out. 
For reference, your timeout cutoff is 60 seconds.

Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits 
than usual. Most likely this means the Tor network is overloaded. 
Success counts are 122/178. Use counts are 91/92. 137 circuits 
completed, 15 were unusable, 0 collapsed, and 17 timed out. For 
reference, your timeout cutoff is 113 seconds.

...

Trying to change the Guard, by deleting the /var/lib/tor/state file,
results in the same problem and logs, just with a different Guard.

Trying to host just our hidden service (fuckyouhotwkd3xh.onion),
by deleting all the other hidden services in the torrc file,
'solves' the problem .. logs look ok and the service is reachable.

It looks like we are hosting an 'offending' hidden service
which is the target of a (D)DOS attack.

We tried to enable Tor debugging and to sniff some traffic
but were unable to find the offending hidden service.

All the access.log and error.log of the hosted websites are ok,
they don't grow in size and don't log any flood.

Even the bandwidth usage of the server looks ok, basically there is no 
traffic.


So .. question: is there a way to understand which hidden service is 
causing all this ?

Suggestions are welcome!

Thank you.
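
The guard notices quoted in the message above can be tabulated per guard, to check whether circuit failures stay with one guard or persist across guards after the state file is reset. This is an added example, not part of the original message and not Tor project code; the function names are hypothetical, and the sample input is the two notices from the message unwrapped to one line each.

```python
import re

# Constructed sample: the post's two notices, one per line (XXX is the poster's).
SAMPLE_LOG = (
    "Dec 01 XXX [notice] Your Guard SoylentGreen (XXX) is failing more "
    "circuits than usual. Most likely this means the Tor network is "
    "overloaded. Success counts are 147/210. Use counts are 86/86. 147 "
    "circuits completed, 0 were unusable, 1 collapsed, and 1000 timed out. "
    "For reference, your timeout cutoff is 60 seconds.\n"
    "Dec 01 XXX [notice] Your Guard regar42 (XXX) is failing more circuits "
    "than usual. Most likely this means the Tor network is overloaded. "
    "Success counts are 122/178. Use counts are 91/92. 137 circuits "
    "completed, 15 were unusable, 0 collapsed, and 17 timed out. For "
    "reference, your timeout cutoff is 113 seconds.\n"
)

# Field layout follows the notice text exactly as it appears in the post.
NOTICE = re.compile(
    r"Your Guard (?P<guard>\S+) \(.*?\) is failing more circuits than usual\."
    r".*?Success counts are (?P<ok>\d+)/(?P<tried>\d+)\."
    r".*?Use counts are (?P<used_ok>\d+)/(?P<used>\d+)\."
    r".*?(?P<completed>\d+) circuits completed, (?P<unusable>\d+) were "
    r"unusable, (?P<collapsed>\d+) collapsed, and (?P<timed_out>\d+) timed "
    r"out\..*?timeout cutoff is (?P<cutoff>\d+) seconds"
)

def parse_notices(text):
    """Return one dict per guard notice, with numeric fields as ints."""
    out = []
    for line in text.splitlines():
        m = NOTICE.search(line)
        if not m:
            continue  # unrelated log line
        rec = {k: v if k == "guard" else int(v) for k, v in m.groupdict().items()}
        rec["build_rate"] = rec["ok"] / rec["tried"] if rec["tried"] else 0.0
        out.append(rec)
    return out

def summarize(records):
    """Worst circuit-build rate per guard, and whether several guards appear."""
    worst = {}
    for r in records:
        worst[r["guard"]] = min(r["build_rate"], worst.get(r["guard"], 1.0))
    return {"guards": worst, "multiple_guards_affected": len(worst) > 1}

if __name__ == "__main__":
    for r in parse_notices(SAMPLE_LOG):
        print(r["guard"], f'{r["build_rate"]:.0%}', r["timed_out"], r["cutoff"])
    print(summarize(parse_notices(SAMPLE_LOG)))
```

The summary only shows how the failures are spread across guards; it does not identify which hosted service the circuits belong to.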

