How to block Tor users from accessing your website

jvvg

Currently, there is an issue of people trying to use Tor (an advanced proxy software) to bypass bans on websites.

However, I have devised a way to prevent Tor from being used to access your website (I am currently piloting this software on futuresight.org). It is fairly easy - it only involves downloading one file to your server and adding a few lines of code.
First, you need to download the list of Tor exit node IPs. The one I used is located at http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv. If you use a different one, you need to update the code accordingly.

Then, on each Tor-protected page, add the following code:

$ips = explode("\n", file_get_contents('/path/to/tor-ips.csv');
if (in_array($_SERVER['REMOTE_ADDR'], $ips)) {
	echo 'Please do not use Tor to access this website.'; die;
}

That is the basic code. On the FutureSight website, I did something a bit more advanced to optimize performance: it saves a cookie on your computer if your IP is not detected to be a Tor exit node, and instead of just killing the page as in the above example, it autobans the user from the website for a few days.

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

bobbybee

I honestly don't like this. The code is fine (just arguably poor performance), but I don't think you should block Tor exit nodes. Some users have legitimate reasons for using them.

“Ooo, can I call you Señorita Bee?” ~Chibi-Matoran

nXIII

I agree with bobbybee. Many people use Tor to protect their privacy and their personal freedom; please don't prevent them from doing so.

♡ nXIII · GitHub

jvvg

nXIII wrote:
I agree with bobbybee. Many people use Tor to protect their privacy and their personal freedom; please don't prevent them from doing so.

Oh, the reason I'm implementing it is that spambots often like to use Tor, and that people I know are attempting to post harmful stuff on the forums, and this is to prevent them from getting around IP bans. The people I know that use Tor are only trying to protect their freedom to be harmful.

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

BigBlueBlock

bobbybee wrote:
I honestly don't like this. The code is fine (just arguably poor performance), but I don't think you should block Tor exit nodes. Some users have legitimate reasons for using them.

scratchisthebest

$ips = explode("\n", file_get_contents('/path/to/tor-ips.csv');
if (in_array($_SERVER['REMOTE_ADDR'], $ips)) {
	echo 'Please do not use Tor to access this website. If you have a legitimate reason for using Tor, please email xxx (at) fgsdfgsdfgfds.com. '; die;
}

fix'd

I am a Lava Expert

lallaway12

roter blocking whould be nicer

Mod edit: Removed excessive blank space. Please don't use more space than is necessary for your post!
@Mod Edit: Sorry it was a bug

Last edited by lallaway12 (Aug. 21, 2013 05:07:14)

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons

jvvg

lallaway12 wrote:
roter blocking whould be nicer

Mod edit: Removed excessive blank space. Please don't use more space than is necessary for your post!

What is roter?

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

chocolatepenguin

jvvg wrote:
lallaway12 wrote:
roter blocking whould be nicer

Mod edit: Removed excessive blank space. Please don't use more space than is necessary for your post!
What is roter?

Router?

lallaway12

chocolatepenguin wrote:
jvvg wrote:
lallaway12 wrote:
roter blocking whould be nicer

Mod edit: Removed excessive blank space. Please don't use more space than is necessary for your post!
What is roter?
Router?

Yeah

See my blog ITS MAD so subscribe comment and enjoy http://lallawayrandom.blogspot.co.uk/ ask me what to put up there
Feed my dragons

alwayspaytaxes

Is this still a good idea

-\{:)_/-

play sound [bad to the bone riff.wav v]

PPPDUD

alwayspaytaxes wrote:
Is this still a good idea

Yes. If info about a subject is available, it should be easy to access. And this project helps accomplish that belief.

Fun fact: If you have malware on a Windows NT device, it's possible that deleting system32 will severely damage the malware. It will also damage your Windows install.

Help keep this topic alive!

The rest of my signature was eaten by an evil kumquat attacked by a terrible president who ate my banana shot down this signature instead of shooting down the TikTok Cell Tower white balloon that probably had a camera bundled with it.

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1isnZw.img?w=800&h=435&q=60&m=2&f=jpg

Ribbun

alwayspaytaxes wrote:
Is this still a good idea

Did you really have to bump a decade old thread?

define ribbun
set [ pronouns] to [she/her]
set [ interests] to [linux, web development, domains]

imfh

alwayspaytaxes wrote:
Is this still a good idea

Instead of using the provided script, I would use something like CloudFlare which will automatically handle it for you and be much faster.

Scratch to Pygame converter: https://scratch.mit.edu/discuss/topic/600562/

DifferentDance8

imfh wrote:
alwayspaytaxes wrote:
Is this still a good idea
Instead of using the provided script, I would use something like CloudFlare which will automatically handle it for you and be much faster.

CloudFlare is just generally bad in terms of privacy, however this is the only information I can find about Cloudflare and privacy that doesn't have anything to do with their DNS (that's a whole separate issue):

The documentation page for a browser extension that replaces unprivate websites with private frontends wrote:
Cloudflare basically decrypts the data between you and the instance to compress it to send it faster, a CDN basically. In other words, Cloudflare can see your data in Plain text even with HTTPS.

Last edited by DifferentDance8 (Oct. 22, 2023 04:42:41)

SOMEONE PLEASE HELP ME

alwayspaytaxes

imfh wrote:
alwayspaytaxes wrote:
Is this still a good idea
Instead of using the provided script, I would use something like CloudFlare which will automatically handle it for you and be much faster.

Oh yeah I almost forgot about that. It probably also doesn't assume that Tor == bad

Ribbun wrote:
alwayspaytaxes wrote:
Is this still a good idea
Did you really have to bump a decade old thread?

Yes lololololol

DifferentDance8 wrote:
CloudFlare is just generally bad in terms of privacy, however this is the only information I can find about Cloudflare and privacy that doesn't have anything to do with their DNS (that's a whole separate issue):

Any basis for that claim?

CloudFlare and US Privacy Law Compliance wrote:
Cloudflare's network and all of our products are built with data protection in mind. Cloudflare does not sell personal data we process on customers' behalf, or use it for any purpose other than to provide our services.

https://www.cloudflare.com/trust-hub/us-privacy-compliance

-\{:)_/-

play sound [bad to the bone riff.wav v]

Discuss Scratch