Is it possible to block Tor users?

没有蜡笔的小新 2021-01-30 04:03

Would it be possible to block Tor users? (https://www.torproject.org/)

Due to the nature of the site I run I should do all I can to stop multiple accounts and block cert

14 answers
  • 2021-01-30 04:37

    Tor is much easier to block than other open proxies since the list of exit IP addresses is known and published. Read the answer at https://www.torproject.org/docs/faq-abuse.html.en#Bans and if you still want to block users from accessing your site you could use https://www.torproject.org/projects/tordnsel.html.en or the Bulk Exit List exporting tool.

    If you use the Bulk Exit List exporting tool, be sure to get a fresh list often and expire the old blocks, since the list of IP addresses changes.

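The refresh-and-expire advice in the answer above, sketched as an added Python example (not part of the original answer and not code from the Tor Project). The class name, the 3-hour retention default and the sample addresses are assumptions, as is the list format: one address per line, with `#` comments ignored.

```python
import ipaddress
import time

# Constructed sample lists (RFC 5737 documentation addresses, not real exits).
LIST_AT_T0 = "# constructed sample\n192.0.2.10\n198.51.100.7\nnot-an-ip\n"
LIST_AT_T1 = "192.0.2.10\n203.0.113.5\n"


def _norm(text):
    """Return the canonical form of an IP address string, or None if invalid."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


class ExitListCache:
    """Exit-address blocklist whose entries lapse unless a fresh list repeats them."""

    def __init__(self, max_age=3 * 3600):  # assumption: 3 h retention
        self.max_age = max_age
        self.last_seen = {}  # ip -> time of the newest list that contained it

    def refresh(self, list_text, now=None):
        """Merge a downloaded list (one address per line), then expire old entries."""
        now = time.time() if now is None else now
        for line in list_text.splitlines():
            ip = _norm(line.split("#", 1)[0])
            if ip:
                self.last_seen[ip] = now
        return self.expire(now)

    def expire(self, now=None):
        """Drop addresses not confirmed within max_age; return the dropped ones."""
        now = time.time() if now is None else now
        stale = sorted(ip for ip, t in self.last_seen.items() if now - t > self.max_age)
        for ip in stale:
            del self.last_seen[ip]
        return stale

    def is_blocked(self, client_ip, now=None):
        """True only while the address is backed by a recent enough list."""
        now = time.time() if now is None else now
        seen = self.last_seen.get(_norm(client_ip))
        return seen is not None and now - seen <= self.max_age
```

Because `is_blocked` compares against the last sighting, a block lapses on its own even if the refresh job stops running, so a stale list cannot keep former exit addresses blocked indefinitely.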
  • 2021-01-30 04:44

    Yes, and in fact here is a script that will do it for all of your Windows machines. Like others mentioned above, it's as simple as blocking all the exit nodes, but that takes a little work.

    https://github.com/Austin-Src/BlockTor

  • 2021-01-30 04:45

    It's a fact that the best application defence is its code and security, not a firewall blocklist. If it's an essential matter for you to have real true users, you have to use two-factor authentication. Blocklists are totally useless nowadays.

  • 2021-01-30 04:46

    Since TorDNSEL was deprecated and replaced by a new system in April 2020 [1], most of the answers in this thread are outdated.

    After a bit of wrangling I came up with this code that uses the new checker. What it does is it reverses the IP octets and creates a URL for the new checker, then performs a DNS request and checks whether or not the first answer has the "127.0.0.2" IP. If this is the case, the user is deemed to come from Tor, otherwise it returns false.

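    function IsTorExitPoint(){
        $ip = $_SERVER['REMOTE_ADDR'];
        // The octet reversal below only works for IPv4; treat anything else as "not Tor"
        if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            return false;
        }
        // Request A records explicitly; the default DNS_ANY query is not answered reliably by every resolver
        $dns_record = dns_get_record(ReverseIPOctets($ip).".dnsel.torproject.org.", DNS_A);

        // An answer of 127.0.0.2 marks the address as a Tor exit; a failed lookup returns false
        return $dns_record && isset($dns_record[0]["ip"]) && $dns_record[0]["ip"] == "127.0.0.2";
    }
    // Turn a.b.c.d into d.c.b.a, the order used in the DNSEL query name
    function ReverseIPOctets($inputip){
        $ipoc = explode(".",$inputip);
        return $ipoc[3].".".$ipoc[2].".".$ipoc[1].".".$ipoc[0];
    }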
    

    [1] https://lists.torproject.org/pipermail/tor-project/2020-March/002759.html

    PS: It's been a while since I've posted an answer to stackoverflow, so please bear with me and help me improve if possible.

  • 2021-01-30 04:48

    In .NET it's possible and simple. I have implemented it on my site.

    Let's say your site has an external IP address of 192.168.0.5 for argument's sake. Real TOR IP address at the time of posting: 95.215.44.97

    Imports System.Net
    Imports System.Net.Sockets
    Imports System.Web
    
    Private Function IsTorExitNode(sIP As String) As Boolean
    
        ' sIP is the visitor's IP with its octets already reversed (e.g. 97.44.215.95).
        ' Query name: <reversed visitor IP>.<port>.<reversed site IP>.ip-port.exitlist.torproject.org
        Try
            Dim strTor As String = sIP & ".80.5.0.168.192.ip-port.exitlist.torproject.org"
            Dim host As IPHostEntry = Dns.GetHostEntry(strTor)
    
            If host.AddressList.Length = 0 Then
                Return False
            Else
                ' An answer of 127.0.0.2 marks the visitor as a Tor exit node
                If host.AddressList(0).ToString() = "127.0.0.2" Then
                    Return True
                Else
                    Return False
                End If
            End If
        Catch ex As SocketException
            ' No such record (or the lookup failed): treat as not Tor
            Return False
        End Try
    End Function
    

    Breakdown

    Reversed IP address: 97.44.215.95
    Port: 80
    Reversed IP address: (your external site IP address)

    If the address is a TorExitNode it will return 127.0.0.2.

    In your Global.asax file, you can use the Application_Start to check if IP address returns true and then redirect them away from your site:

    If IsTorExitNode("97.44.215.95") = True Then Response.Redirect("http://www.google.co.uk")
    

    Now, as soon as they hit your site they are redirected away from it.

    TOR has a list of IP addresses, but obviously they change all the time so using my function would be the best way as it's always real-time.

  • 2021-01-30 04:48

    I have already curated the Tor nodes and Tor exit nodes list, which keeps updating hourly. Please refer to https://github.com/SecOps-Institute/Tor-IP-Addresses

    You can do a git pull every hour and get the most updated list.
