All posts by UTAN

Detect Tor Network

Well, I can only say that I have had lots of trouble with Tor I understand the need of keeping your Ip address secured and the need to user this kind of Network..

But for the most part and in my experience I have only had problems with it.. Of course not all the people that uses it, does bad thing with it but I had this individual trying to hack my application, registering and posting obscene comment posting unappropriated material and so on..

I kept banning Ips and he would just switch on the fly to another, I had blocked by Ip range and only end up blocking legit users, not a feasible fix.

Goggling I found https://check.torproject.org/cgi-bin/TorBulkExitList.py

You enter the Ip of your server or Website and will print a list of possible Ips that could connect.. after that it was easy for me to create a short function and use it in the page I wanted to detain the individual.

At the precise moment I was being attacked by the hacker spammer, captured the ip he was currently using and tested against the list I was given. success it worked it was already included I saw the light again…

Ok so the code..

First go to the page Bulk Tor Exit Exporter
You will get a web list with Tor Ips that could connect to your service, save it to txt format and name it TorList.txt then create a PHP document name as you like, I called it torchecker.php.

<?php
	function checkTORconnection(){
		$ips = file('./TorList.txt');
		$iptocheck = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : false;
		$isfound = false;
		if( $ips && $iptocheck ){
			for ( $i=0; count( $ips ) > $i; $i++ ){
				if( trim( $ips[$i] ) == $iptocheck ){
					$isfound = true;
				}
			}
			if( $isfound )
			{
				return true;
			}
			return false;
		}
		return true;
	}
?>

I check $_SERVER[‘REMOTE_ADDR’] if not found for me that’s it, I don’t want that user but your taste could be different.. anyways you use the function as follow:

<?php
require_once('./torchecker.php');// require our function
// now use it as normal conditional
if( checkTORconnection() ){
// allow or do anything you want.
}
?>

Well that’s it, I needed to post this because it was really important for me and people should know how to defend against this anonymizers..

regards all.