My website has recently been dropping requests from users attempting to connect with Tor Browser. I have tried disabling all wordpress plugins to no avail. I would like to know if this is a temporary issue or if infinityfree has decided to block tor browser as a policy.
What do you mean by “dropping”? What is your URL?
6 Likes
Meaning that a timeout invariably occurs while using tor browser, which indicates that the server is ignoring tor associated ip’s requests as policy. Non-tor ip’s seem unaffected, their server requests are resolved rapidly. I have verified that the same behavior can be observed in other sites hosted by InfinityFree as of late, such as, I assume, the page of the user who posted this : Suddently web-page times-out
My question is if this blocking of tor clients/ip’s is explicitly intended policy which is to be expected to continue, or if it is incidental and can with hope be resolved?
The hosting experience with I.F. has been excellent apart from this issue.
I checked the issue and it does appear that access from TOR is indeed blocked. I had someone looked into it and honestly it’s not clear why exactly it doesn’t work because nobody seemed to know about any specific block. At the same time, TOR is often a source of abuse, so there are no plans to get this block lifted.
4 Likes
Thank for looking into it, it seems like the issue has been resolved, i’m not sure when exactly, so I suppose it was an temporary/automated block.
Nothing was resolved, but also nothing was not working as intended to begin with.
But what I can tell you is that there is a list of high risk IP addresses that are blocked from accessing our servers. Abusers love using TOR to hide their tracks, so many TOR exit nodes are in this list, including probably the exit node(s) you were using.
It’s possible that you’ve reconnected since, and are now being routed through a different exit node that’s not being blocked.
That’s good for you I suppose, but it’s entirely possible that the next time you reconnect, you will be blocked again.
And that’s basically par for the course for TOR, because of how often it is abused. Please consider not using TOR, or using a VPN instead. It’s a little bit less private, but it does make you look a lot less suspicious.
3 Likes
Thanks for the clarification. Indeed, I suspected that it was an issue of certain exit nodes being abused, but when at some time it seems to be that the vast majority of exit nodes are being blocked while at other times there is virtually no problem, it’s all quite sporadic.
There is no issue at all with accessing infinityfree.com through tor at any time (I am using tor to post this), even when (like now) my site is inaccessible, so I suppose that this site and the hosted sites are on different servers or have different IP blacklists or policy levels?
As you said, tor is a service that is often abused by bad actors, but I would like to make it clear that I and the majority of my site’s visitors are default-browser tor users who use it not for abuse, but for what it was legitimately meant for: protecting our privacy and the possibility to express dissenting opinion. We also have readers from countries where internet access is restricted or heavily surveilled and many of them do not have easy access to VPN’s, so accessing our site through tor is their only option.
I understand and respect your position as the owner of a service that provides free hosting, trying to keep that generosity from being abused, so thanks again for having taken the time to address this issue in a measured and informed way.
This is correct, on a few levels:
- The IPs are blocked on the network level. If the website is using Cloudflare (like infinityfree.com), our IP blocks don’t apply, because that’s handled at Cloudflare.
- infinityfree.com is not hosted on the free hosting infrastructure.
When we see frequent DDoS and brute force attacks and other hacking attempts from certain IP addresses, those IP addresses will be blocked. If that happens to be a TOR exit node that’s also used by legitimate visitors, then that’s how it is.
Free speech and privacy are all noble goals, but we still need to be able to defend ourselves against attacks. Even if that ends up impacting some legitimate visitors.
This is not a specific attack on TOR. Any service that results in many people using the same IP could have this noisy neighbor effect.
4 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.