Using Tor exit nodes for DDoS attacks

Hello,

Not sure where to post this topic; please move it where it corresponds.

I suppose you’re aware of some stupid people using proxy attacks from Tor using socks5 or socks4 to attack websites using layer 7, and make tons of petitions.

Just get a large proxy list (socks5 for example) and run a Python script to make thousands of HTTP 1.1 petitions.

But the question here (related to Tor): I saw some recent attacks (monitoring a website behind Cloudflare) and noticed too many IPs, most of them from T1 (Tor exit nodes).

So how can you prevent or monitor this kind of attack? For example, a limit so that you can’t make 100 petitions or more per second to the same website. Is there any technical approach?

Well, I can block the entire Tor (T1) “country” using Cloudflare, but then nobody using Tor can access my website, so this isn’t a solution.

I can provide some screenshots (Cloudflare panel) or a list of abusive Tor exit IPs if you need them.

Thank you in advance.

Is Cloudflare not stopping the attack you see in their control panel?

Preventing DDoS is a hard problem. Thanks for not wanting to block all Tor users from accessing your site.

Is Cloudflare not stopping the attack you see in their control panel?

Yes, I can block entire Tor connections (named T1 country), but that’s not the solution.

The solution is implementing some kind of monitoring for aggressive petitions and automatically blocking the IPs that make them.

Thanks
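
The per-IP monitoring and automatic blocking discussed in this thread, as an added example that is not part of any post: a sliding-window counter that temporarily bans a client once it reaches 100 requests within one second. The log line format, the ban length and the names `RateMonitor`, `scan` and `sample_log` are assumptions made for illustration, and the traffic is constructed.

```python
from collections import defaultdict, deque

LIMIT = 100        # requests per window; the figure mentioned in the thread
WINDOW = 1.0       # window length in seconds
BAN_SECONDS = 600  # assumed temporary ban length, not from the thread

class RateMonitor:
    """Per-IP sliding-window request counter with temporary bans (hypothetical name)."""
    def __init__(self, limit=LIMIT, window=WINDOW, ban_seconds=BAN_SECONDS):
        self.limit, self.window, self.ban_seconds = limit, window, ban_seconds
        self.hits = defaultdict(deque)  # ip -> timestamps still inside the window
        self.banned_until = {}          # ip -> time at which the ban expires

    def observe(self, ip, ts):
        """Record one request at time ts; return True if allowed, False if blocked."""
        if self.banned_until.get(ip, 0.0) > ts:
            return False
        self.banned_until.pop(ip, None)           # any earlier ban has expired
        q = self.hits[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:     # drop hits older than the window
            q.popleft()
        if len(q) >= self.limit:                  # limit reached inside one window
            self.banned_until[ip] = ts + self.ban_seconds
            del self.hits[ip]
            return False
        return True

def scan(lines, monitor=None):
    """Feed 'epoch_seconds client_ip path' lines (constructed format) to the monitor."""
    monitor = monitor or RateMonitor()
    blocked = defaultdict(int)
    for line in lines:
        ts, ip, _path = line.split(maxsplit=2)
        if not monitor.observe(ip, float(ts)):
            blocked[ip] += 1
    return monitor, dict(blocked)

def sample_log():
    """Constructed traffic: one client at 250 req/s, one at 2 req/s (documentation IPs)."""
    lines = [f"{1000 + i * 0.004:.3f} 192.0.2.10 /" for i in range(150)]
    lines += [f"{1000 + i * 0.5:.3f} 198.51.100.7 /index.html" for i in range(20)]
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    monitor, blocked = scan(sample_log())
    print("blocked requests per IP:", blocked)
    print("bans expire at:", monitor.banned_until)
```

The ban expires on its own because a Tor exit IP is shared by many users, so a permanent block on one address would also lock out unrelated visitors arriving through the same exit.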