How to block all of TOR IP addresses

Speedy059

Is there a quick way to add all of the IPs for the TOR exit nodes? There are several databases online (text databases) of all of the TOR exit nodes. I would like to block all of these IP addresses from using my site since they are very malicious users.

I know in cPanel you can use "IP Blocker" and add 1 IP at a time; this would take an extremely long time. Is there a way to add 1000s of IPs?
 

cPanelLauren

Product Owner II
Staff member
You can add multiple IPs by adding a range, implied range or CIDR format entry as detailed in the UI:



Single IP Address
192.168.0.1
2001:db8::1

Range
192.168.0.1-192.168.0.40
2001:db8::1-2001:db8::3

Implied Range
192.168.0.1-40

CIDR Format
192.168.0.1/32
2001:db8::/32

Implies
192.*.*.*
192.
 

ScottyBoy

The best way to stop them is with a firewall before it reaches the server. If possible, I would suggest blocking them at the edge. If that is not possible, you are going to keep an updated list from:
Using cPanelLauren's post, I would suggest blocking single IPs, as most of them are not on the same subnets, so doing a 192.168.0.1/24 would block all of 192.168.0.1-192.168.0.255, and many of them are most likely not Tor nodes.

As well, a little addendum to her post:
CIDR Format
192.168.0.1/24
2001:db8::/24
Implies
192.168.0.*
192.168.0.

(the CIDR Format she posted would only block 1 IP: 192.168.0.1 as it was a /32)
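
The single-IP versus /24 trade-off described above, worked through as an added example (not part of the original thread, and not cPanel or CSF code). It assumes a downloaded list with one address per line and `#` comment lines; the sample addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the assumed "one address per line, # for comments" layout.
# Addresses are from the RFC 5737 / RFC 3849 documentation ranges, not real exit nodes.
SAMPLE_LIST = """\
# constructed exit-node list
192.0.2.10
192.0.2.77
198.51.100.4
203.0.113.200
203.0.113.200
2001:db8::15
not-an-ip
"""

def parse_exit_list(text):
    """Return sorted, de-duplicated addresses; skip blanks, comments and junk lines."""
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            seen.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # never pass a malformed entry on to the firewall
    return sorted(seen, key=lambda a: (a.version, int(a)))

def single_ip_entries(addrs):
    """Entries that block exactly the listed hosts, one per line for pasting."""
    return [str(a) for a in addrs]

def widened_to_24(addrs):
    """The /24 networks produced if each IPv4 entry were widened to its subnet."""
    v4 = [a for a in addrs if a.version == 4]
    return sorted({ipaddress.ip_network(f"{a}/24", strict=False) for a in v4})

def collateral(addrs):
    """Count of unlisted IPv4 addresses the /24 approach would also block."""
    listed = sum(1 for a in addrs if a.version == 4)
    return sum(n.num_addresses for n in widened_to_24(addrs)) - listed

if __name__ == "__main__":
    addrs = parse_exit_list(SAMPLE_LIST)
    print("\n".join(single_ip_entries(addrs)))
    print("as /24s:", [str(n) for n in widened_to_24(addrs)])
    print("unlisted addresses caught by /24s:", collateral(addrs))
```

On the constructed sample, four listed IPv4 hosts widen into three /24 networks that would also block 764 addresses not on the list.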
 

PlotHost

Take a look at /etc/csf/csf.blocklists
There is already code for TOR exit nodes

Code:
# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
#TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
Anyway, you can add your own list to csf.blocklists
 

Speedy059

Thank you for the suggestion. I checked the server and it didn't have CSF installed yet. Just in case anyone else needs to do this:

I just followed the instructions here: Additional Security Software | cPanel & WHM Documentation. Once the CSF plugin is installed, it's easy to copy and paste thousands of IPs.
 

rscalover

Hello,

Configserver.com csf can block Tor: in /etc/csf/csf.blocklists, uncomment the line that is already there, and in /etc/csf/csf.conf make sure URLGET is set to use LWP. Restart the firewall and look at lfd.log.
 

Speedy059

Thanks, saw that after my post.
 

jagonoja

I enabled the TOR blocklist. But then I thought: what if one day I am trying to reach my server under a heavy surveillance firewall behind enemy lines, and the only way to do this is through TOR, because all VPNs have been blocked or infiltrated? Elon Musk will not be answering my calls...