How to block all of TOR IP addresses

[Speedy059]

Is there a quick way to add all of the IP's for the TOR exit nodes? There are several databases online (text databases) of all of the TOR exit nodes. I would like to block all of these IP addresses from using my site since they are very malicious users.

I know in cpanel you can you "IP Blocker" and add 1 IP at a time, this would take an extremely long time. Is there a way to add 1000's of IP's?

 

[cPanelLauren]

You can add multiple IP's by adding a range, implied range or CIDR format entry as detailed in the UI:



Single IP Address
192.168.0.1
2001:db8::1
Range
192.168.0.1-192.168.0.40
2001:db8::1-2001:db8::3
Implied Range
192.168.0.1-40
CIDR Format
192.168.0.1/32
2001:db8::/32
Implies
192.*.*.*
192.

 

[vacancy]

https://github.com/SecOps-Institute/Tor-IP-Addresses/blob/master/tor-nodes.lst

You can prevent tor browser access by adding it to csf.deny. But you should check and update the list once a week, these ip addresses change.

 

[ScottyBoy]

The best way to stop them is with a firewall before it reaches the server. If possible, I would suggest blocking them at the edge. If that is not possible, you are going to keep and updated list from:

https://www.dan.me.uk/tornodes

using cPanelLauren's post, I would suggest blocking single IPs as most of them are not on the same subnets so doing a 192.168.0.1/24 which would block all 192.168.0.1-192.168.0.255 and many of them are most likely not ToR nodes

as well a little addendum to her post:
CIDR Format
192.168.0.1/24
2001:db8::/24
Implies
192.168.0.*
192.168.0.

(the CIDR Format she posted would only block 1 IP: 192.168.0.1 as it was a /32)

 

[cPanelLauren]

I actually just used the example in the UI in my post - the CIDR format there is indeed only referencing one IP

 

[PlotHost]

Take a look at /etc/csf/csf.blocklists
There is already code for TOR exit nodes

# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
#TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4

Anyway, you can add your own list to csf.blocklists

 

[Speedy059]

Take a look at /etc/csf/csf.blocklists
There is already code for TOR exit nodes

# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
#TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4

Anyway, you can add your own list to csf.blocklists

Thank you for the suggestion. I checked the server and it didn't have CSF installed yet. Just so anyone else needs to do this:

I just followed the instructions here: Additional Security Software | cPanel & WHM Documentation . Once the CSF plugin is installed, it's easy to copy and paste thousands of IP's.

 

[rscalover]

Hello,

Configserver.com csf can block tor in /etc/csf/csf.blocklists uncomment the line that is already there and in /etc/csf/csf.conf make sure URLGET is set to use LWP restart the firewall and look at lfd.log.

 

[Speedy059]

Hello,

Configserver.com csf can block tor in /etc/csf/csf.blocklists uncomment the line that is already there and in /etc/csf/csf.conf make sure URLGET is set to use LWP restart the firewall and look at lfd.log.

Thanks, saw that after my post.