Skip to main content

How to block all of TOR IP addresses

Speedy059
Is there a quick way to add all of the IP's for the TOR exit nodes? There are several databases online (text databases) of all of the TOR exit nodes. I would like to block all of these IP addresses from using my site since they are very malicious users. I know in cpanel you can you "IP Blocker" and add 1 IP at a time, this would take an extremely long time. Is there a way to add 1000's of IP's?

Comments

9 comments

Date Votes
  • cPanelLauren
    You can add multiple IP's by adding a range, implied range or CIDR format entry as detailed in the UI: Single IP Address 192.168.0.1 2001:db8::1
    Range 192.168.0.1-192.168.0.40 2001:db8::1-2001:db8::3
    Implied Range 192.168.0.1-40
    CIDR Format 192.168.0.1/32 2001:db8::/32
    Implies 192.*.*.* 192.
    0
  • vacancy
    0
  • ScottyBoy
    The best way to stop them is with a firewall before it reaches the server. If possible, I would suggest blocking them at the edge. If that is not possible, you are going to keep and updated list from:
    0
  • cPanelLauren
    I actually just used the example in the UI in my post - the CIDR format there is indeed only referencing one IP :)
    0
  • PlotHost
    Take a look at /etc/csf/csf.blocklists There is already code for TOR exit nodes # TOR Exit Nodes List # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList #TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
    Anyway, you can add your own list to csf.blocklists
    0
  • Speedy059
    Take a look at /etc/csf/csf.blocklists There is already code for TOR exit nodes # TOR Exit Nodes List # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList #TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
    Anyway, you can add your own list to csf.blocklists

    Thank you for the suggestion. I checked the server and it didn't have CSF installed yet. Just so anyone else needs to do this: I just followed the instructions here: Additional Security Software | cPanel & WHM Documentation . Once the CSF plugin is installed, it's easy to copy and paste thousands of IP's.
    0
  • rscalover
    Hello, Configserver.com csf can block tor in /etc/csf/csf.blocklists uncomment the line that is already there and in /etc/csf/csf.conf make sure URLGET is set to use LWP restart the firewall and look at lfd.log.
    0
  • Speedy059
    Hello, Configserver.com csf can block tor in /etc/csf/csf.blocklists uncomment the line that is already there and in /etc/csf/csf.conf make sure URLGET is set to use LWP restart the firewall and look at lfd.log.

    Thanks, saw that after my post.
    0
  • jagonoja
    I enabled the TOR blocklist. Then I realized: what
    Take a look at /etc/csf/csf.blocklists There is already code for TOR exit nodes # TOR Exit Nodes List # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList #TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
    Anyway, you can add your own list to csf.blocklists

    I enabled the TOR blocklist. But then I thought: what if one day I am trying to reach my server under a heavy surveillance firewall behind enemy lines, and the only way to do this is through TOR, because all VPNs have been blocked or infiltrated? Elon Musk will not be answering my calls...
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post