carlo von lynX wrote:
> On Sun, May 17, 2015 at 11:26:41AM -0000, Ben wrote:
>> Anti-abuse scripts
>> --------------------------
>>
>> There are some off-the-shelf protections built into the site.
>> Given they were designed for the www, they can (and do) ban any
>> IP that's seen as a repeat offender.
>>
>> Either an exclusion needs to be made, or the HS will sometimes
>> show 'nice' visitors a potentially rude message :)
>
> When running a HS you don't get *any* clue where the circuit is
> coming from so the off-the-shelf protections may fail. It would be
> cool if Tor was to introduce bidirectionally authenticated circuits
> - that would allow for proper P2P apps over Tor - and in your case
> allow for users to consciously choose pseudonymity instead of
> anonymity (by storing the public key they used to access your site
> last time). This allows you as the site owner to apply behavioral
> ranking logic to pseudonymous users without annoying them with a
> registration.
>

If the patch to give each inbound circuit its own temporary "IP address" [0] were ever to be committed, then you could potentially use off-the-shelf protections to protect HSs. However, the local addresses are only ever temporarily unique, because they are derived from the circuit ID; the protection application would need to be carefully configured so that its timeouts matched the expected durations for which a circuit ID is expected to be unique.

Bidirectionally-authenticated circuits (like I2P's tunnels) are certainly a better way to enable protections like these, but off-the-shelf applications won't work with them. I2P "solves" this by implementing the protection itself, including some general rate limiting features in server tunnels that drop connections before the webserver ever sees them. It also includes a unique local address per client feature like [0] for use with off-the-shelf applications, but this is open to collisions (because the client hash space does not fit into the IPv4 or IPv6 localhost address space).

str4d

[0] https://lists.torproject.org/pipermail/tor-dev/2014-March/006576.html

--
tor-talk mailing list
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
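The two caveats in the reply above, address collisions and ban timeouts that outlive a temporary address, as an added Python example that is not part of the original message and is not Tor's or I2P's code. The hash-truncation mapping into 127.0.0.0/8, all names, and the client IDs and TTL values are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import math

HOST_BITS = 24  # 127.0.0.0/8 leaves 24 bits to tell clients apart


def local_addr(client_id: bytes) -> str:
    """Assumed mapping: first 24 bits of SHA-256(client_id) inside 127.0.0.0/8."""
    host = int.from_bytes(hashlib.sha256(client_id).digest()[:3], "big")
    return str(ipaddress.IPv4Address((127 << 24) | host))


def collision_probability(clients: int, bits: int = HOST_BITS) -> float:
    """Birthday approximation: chance that two of `clients` share one address."""
    return 1.0 - math.exp(-clients * (clients - 1) / (2 * 2 ** bits))


class BanList:
    """Address-keyed bans with expiry, as an IP-based anti-abuse tool keeps them."""

    def __init__(self, ban_ttl: float):
        self.ban_ttl = ban_ttl
        self.until = {}

    def ban(self, addr: str, now: float) -> None:
        self.until[addr] = now + self.ban_ttl

    def is_banned(self, addr: str, now: float) -> bool:
        return self.until.get(addr, 0.0) > now


def reused_address_inherits_ban(ban_ttl: float, reuse_after: float) -> bool:
    """Ban an address at t=0, then hand it to an unrelated visitor at reuse_after."""
    bans = BanList(ban_ttl)
    addr = local_addr(b"constructed-abusive-client")
    bans.ban(addr, now=0.0)
    return bans.is_banned(addr, now=reuse_after)


if __name__ == "__main__":
    print(local_addr(b"constructed-client-1"))
    print(round(collision_probability(4823), 3))   # roughly even odds
    print(reused_address_inherits_ban(3600, 600))  # ban outlives the address
    print(reused_address_inherits_ban(300, 600))   # ban expired before reuse
```

With only 24 distinguishing bits, a few thousand distinct clients already make a shared address about as likely as not, and any ban TTL longer than the address's uniqueness window lands on whoever receives that address next.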
