[tor-talk] Layer-7 DoS Attack Against WWW Tor Hidden Service
bob1983
bob1983 at protonmail.com
Tue Nov 14 09:20:00 UTC 2017
Hi.
I'm the sysadmin of an unnamed computer club, we support online security and
privacy, so our website is available via a Tor hidden service. Recently, we
found a surge of CPU and RAM usage as soon as Tor has been started. A closer look
showed it was the result of a DoS script, likely a broken web crawler, or a bot
written by some script kiddies, which has been trapped inside an infinite loop
and made more than 20 requests per seconds 24 hours a day.
I have defeated the abuser by blacklisting the abused script, which takes a lot
of system resource to generate a webpage but never used by normal visitors. The
system is pretty good now, but I noticed that the Tor process still consumes
significant higher memory usage than before because of the persistent abuser.
Is there a way to limit resource usage originated from a single Tor circuit?
Bob.
More information about the tor-talk
mailing list