Deny TOR Network

Thank you for the suggestion — I have passed your request on to the dev team.

I can’t promise that every suggestion we get will make it into a release, or when that might be, but every suggestion we get is evaluated carefully and considered seriously. We value the input we get from our customers. A member of our dev team may or may not reach out to you here to ask for more detail. Thank you for helping to make Wordfence great.

-Matt R
FB911

Thank you. There are a few plugins available, but none are well documented, nor are they updated recently. Also, since Word fence is already set up to block IPs, there is no need to add another plugin which might conflict.

One big concern I have is the method used to find the TOR IP addresses because if the database is too old, as in more than a few hours, it is almost worthless. Also, my site is slow enough and I don’t want to make it any slower.

Thank you for looking into this. I don’t know why this is not a common feature for firewall plugins because if a hacker is using TOR, every attack has the potential of coming from a unique IP.

Thanks. Yes, would be the difficult part — keeping the IP list up to date and/or detecting the right connections. If there is an effective way to do it though, it could be considered.

Hi,

I have created service like that https://pike.hqpeak.com/ and PoC plugins as:

https://www.ads-software.com/plugins/tor-exit-nodes-blocker/
https://www.ads-software.com/plugins/woo-pike/

Soon we will releasing premium version with streaming / web-hooks. In order to test the real time tor ip addresses detection you can use the PING service https://pike.hqpeak.com/api/ping.php

I was trying to use the ‘Advanced Blocking’ host rules to block tor traffic but the rules I was creating was too vague.

Here is what could be a simple way to ‘rule out’ tor traffic. Simply block any traffic where a request comes from any domain where ‘tor’ or ‘tor-exit’ is any part of a subdomain name.

That should be fairly effective and not too costly in terms of overhead. Just my 2 cents…

Thanks for the suggestions. We have just recently added the ability to block by hostname on the Advanced Blocking page, so that may work, as long as the reverse-lookup of each tor exit node is set correctly.

Blocking domains containing only ‘tor’ might be too strict, and could block (for example) visitors using an ISP in Torrance, California, that uses the users’ city as part of their domains.

Doing a reverse lookup for each visit by using these advanced blocking rules can make the site perform more slowly, since DNS lookups are usually slower than just loading local pages, but it might not be too bad in some cases.

-Matt R