I’ve always attempted to block TOR proxies from my server because the proxies can be abused and used to jump bans on some custom software that I host. Recently I found an official TOR blacklist for exit nodes located here: https://check.torproject.org/cgi-bin/TorBulkExitList.py.
I assume they require you to put in an IP address to give better results for which exit nodes have access to your server. What isn’t really documented is that you can also specify which port to check by adding &port=###, where ### is the port number you wish to check. This is greatly beneficial for me because the custom software runs on an irregular port, 9998.
Blacklists are great but they aren’t very useful unless you can actually use them on your server and block the IP addresses. Therefore, I wrote the following BASH script:
#!/bin/bash
IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"
WORKING_DIR="/tmp/"
# get IP address of eth0 network interface
IP_ADDRESS=$(ifconfig eth0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
# create the chain if it doesn't exist yet
if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then
    iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1
fi
cd "$WORKING_DIR" || exit 1
# third-party list, published as Apache RewriteCond lines: strip everything but the IP
wget -q -O - http://proxy.org/tor_blacklist.txt -U NoSuchBrowser/1.0 > temp_tor_list1
sed -i 's|RewriteCond %{REMOTE_ADDR} \^||g' temp_tor_list1
sed -i 's|\$.*$||g' temp_tor_list1
sed -i 's|\\||g' temp_tor_list1
sed -i 's|Rewrite.*$||g' temp_tor_list1
# official exit list for this server's IP, once for port 80 and once for port 9998
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > temp_tor_list2
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=9998" -U NoSuchBrowser/1.0 >> temp_tor_list2
# drop the comment lines from the official list
sed -i 's|^#.*$||g' temp_tor_list2
# empty the chain, then add one rule per unique address
iptables -F "$IPTABLES_CHAINNAME"
# sort -u de-duplicates; "uniq | sort" only removed adjacent duplicates
CMD=$(cat temp_tor_list1 temp_tor_list2 | sort -u)
COUNT=0
for IP in $CMD; do
    let COUNT=COUNT+1
    iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done
# hand anything that did not match back to the calling chain
iptables -A "$IPTABLES_CHAINNAME" -j RETURN
rm temp_tor*

It basically downloads the official blacklist and another blacklist that I found, extracts the IP addresses from the files, sorts them, and gets rid of any duplicates that may exist. Then it adds a DROP rule for each address to the specified IPTABLES chain.
I suggest that you set this script to run hourly or daily depending on your needs with cron.
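One way to make an unattended cron run safer, as an added example that is not the author's script: validate the downloaded addresses and build an `iptables-restore` payload, so the TOR chain is replaced in one step and a failed download never leaves it empty. The function names and the sample addresses are constructed for illustration.

```bash
#!/bin/bash
# Added example: validate a downloaded exit list and build an atomic
# iptables-restore payload for the TOR chain instead of flush-and-append.
CHAIN="TOR"
TARGET="DROP"

# Keep only well-formed dotted-quad IPv4 addresses (octets 0-255), de-duplicated.
# Anything else (comments, blank lines, an HTML error page) is discarded.
filter_ipv4() {
    awk -F. 'NF == 4 && /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        for (i = 1; i <= 4; i++) if ($i > 255) next
        print
    }' | sort -u
}

# Read addresses on stdin, write an iptables-restore ruleset on stdout.
# Returns 1 without output when fewer than $1 addresses survive validation,
# so a failed download never replaces a good chain with an empty one.
build_ruleset() {
    local min="${1:-1}" ips
    ips=$(filter_ipv4)
    [ "$(printf '%s\n' "$ips" | grep -c .)" -ge "$min" ] || return 1
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    printf '%s\n' "$ips" | sed "s|.*|-A $CHAIN -s & -j $TARGET|"
    printf '%s\n' "-A $CHAIN -j RETURN" "COMMIT"
}

# Constructed sample input (RFC 5737 documentation addresses, not real exit nodes).
sample_list() {
    cat <<'EOF'
# ExitNode list (constructed sample)
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.999
<html>503 Service Unavailable</html>

203.0.113.5
EOF
}

# Print the payload; on a real host, pipe it to: iptables-restore --noflush
sample_list | build_ruleset 3
```

With `--noflush`, only the chain declared in the payload (`:TOR - [0:0]`) is emptied and refilled, and the change is committed as a single transaction, so the rest of the filter table is untouched.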
I also have written a custom progress bar to indicate how far along you are. The progress bar code and example using the TOR proxy blocker can be seen at this post: http://www.brianhare.com/wordpress/2011/03/02/bash-progress-bar/



