[tor-relays] Onion Services operators please enable tor PoW defense

[lists at for-privacy.net]

On Mittwoch, 5. Juni 2024 14:50:20 CEST gus wrote:
> Hi,
> 
> As some of you might have noticed, we have a high load situation on the
> network for a couple of weeks now affecting in particular onion services
> (but not only them).[1]
> 
> We recommend Onion Services operators to enable our Proof of Work (PoW)
> defense[2][3] and finetune their torrc[4].
> 

As a little help, defaults from 0.4.8.11

### IntroDoSDefense & PoWDefenses are disabled by default
#
# https://community.torproject.org/onion-services/ecosystem/technology/pow/
# More details, see: 'man torrc' DENIAL OF SERVICE MITIGATION OPTIONS
# Tor Network values set by the consensus, if any, can be found here:
# https://consensus-health.torproject.org/#consensusparams

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 80 [::1]:80

# HiddenService options are per onion service:
HiddenServiceEnableIntroDoSDefense 1
#HiddenServiceEnableIntroDoSBurstPerSec 200	# (Default: 200)
#HiddenServiceEnableIntroDoSRatePerSec 25	# (Default: 25)

HiddenServicePoWDefensesEnabled 1
#HiddenServicePoWQueueRate 250		# (Default: 250)
#HiddenServicePoWQueueBurst 2500	# (Default: 2500)
#CompiledProofOfWorkHash auto		# (Default: auto)

HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22 127.0.0.1:22
HiddenServicePort 22 [::1]:22
HiddenServiceEnableIntroDoSDefense 1
...


For larger websites and forums like Dread:
https://blog.nihilism.network/servers/endgame/index.html

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 3872 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240606/c8a0f563/attachment-0001.sig>