How to block all of TOR IP addresses

Speedy059

Well-Known Member
Jul 10, 2007
Is there a quick way to add all of the IPs for the TOR exit nodes? There are several databases online (text databases) of all of the TOR exit nodes. I would like to block all of these IP addresses from using my site since they are very malicious users.

I know in cPanel you can use "IP Blocker" and add 1 IP at a time, but this would take an extremely long time. Is there a way to add 1000s of IPs?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
You can add multiple IPs by adding a range, implied range or CIDR format entry, as detailed in the UI:



Single IP Address
192.168.0.1
2001:db8::1

Range
192.168.0.1-192.168.0.40
2001:db8::1-2001:db8::3

Implied Range
192.168.0.1-40

CIDR Format
192.168.0.1/32
2001:db8::/32

Implies
192.*.*.*
192.
 

ScottyBoy

Registered
Oct 20, 2020
The best way to stop them is with a firewall before it reaches the server. If possible, I would suggest blocking them at the edge. If that is not possible, you are going to keep an updated list from:
Using cPanelLauren's post, I would suggest blocking single IPs, as most of them are not on the same subnets, so doing a 192.168.0.1/24 would block all of 192.168.0.1-192.168.0.255, and many of them are most likely not Tor nodes.

As well, a little addendum to her post:

CIDR Format
192.168.0.1/24
2001:db8::/24

Implies
192.168.0.*
192.168.0.

(the CIDR Format she posted would only block 1 IP: 192.168.0.1 as it was a /32)
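
An added example, not part of the original thread and not cPanel or CSF code: it turns a downloaded exit-node text list into entries in the CIDR format the IP Blocker accepts, covering exactly the listed addresses, and counts how many unlisted addresses a per-/24 block would also hit. The sample list, the function names and the `never_block` parameter are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample list (documentation ranges, not real exit nodes).
SAMPLE_LIST = """\
# constructed sample
192.0.2.10
192.0.2.11
192.0.2.10
198.51.100.7
203.0.113.200
2001:db8::5
not-an-ip
203.0.113.999
"""

def parse_exit_list(text, never_block=()):
    """Return (sorted unique addresses, rejected lines). Lines that are not
    valid IPs, or fall inside a never_block network, are rejected."""
    keep = [ipaddress.ip_network(n) for n in never_block]
    addrs, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append(line)
            continue
        if any(ip.version == n.version and ip in n for n in keep):
            rejected.append(line)  # e.g. your own admin address
        else:
            addrs.add(ip)
    return sorted(addrs, key=lambda a: (a.version, int(a))), rejected

def exact_entries(addrs):
    """CIDR entries covering exactly the listed IPs (only adjacent IPs merge)."""
    out = []
    for version in (4, 6):
        nets = [ipaddress.ip_network(str(a)) for a in addrs if a.version == version]
        out += [str(n) for n in ipaddress.collapse_addresses(nets)]
    return out

def overblocked_by_24(addrs):
    """Unlisted IPv4 addresses that blocking each listed IP's /24 would also hit."""
    v4 = [a for a in addrs if a.version == 4]
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in v4}
    return sum(n.num_addresses for n in nets) - len(v4)
```

Passing your own management range as `never_block` keeps a stale or tampered list from locking you out of the server.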
 

PlotHost

Well-Known Member
Apr 29, 2011
Take a look at /etc/csf/csf.blocklists
There is already code for TOR exit nodes

Code:
# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
#TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
Anyway, you can add your own list to csf.blocklists
 

Speedy059

Well-Known Member
Jul 10, 2007
Thank you for the suggestion. I checked the server and it didn't have CSF installed yet. Just in case anyone else needs to do this:

I just followed the instructions here: Additional Security Software | cPanel & WHM Documentation. Once the CSF plugin is installed, it's easy to copy and paste thousands of IPs.
 

rscalover

Active Member
Dec 16, 2010
30
Hello,

Configserver.com csf can block Tor: in /etc/csf/csf.blocklists, uncomment the line that is already there, and in /etc/csf/csf.conf make sure URLGET is set to use LWP. Restart the firewall and look at lfd.log.
 

Speedy059

Well-Known Member
Jul 10, 2007
Thanks, saw that after my post.