Bitcoin Forum

Hello dear moderators!

I see people using TOR and I2P are banned from using PM functions.

However, I would rather like to use it for legitimate purposes. Protection offered by banning TOR against people who use to PM viruses and spam is meager at best.

Can you allow users to utilize TOR on a user-by-user basis and whitelist those who do not misbehave (specifically, whitelist me for TOR usage :) )?

Thank you for your kind understanding.

Yes please. I'm using TOR as well, found it pretty strange that as an established user I still get the restrictions.

Why not just disable signup of new accounts through TOR?

aol that, me too.

I hope this is intended as a reductio and not a serious suggestion?

Freenode has the same policy, that's why I suggested that.

It basically boils down to: for creation of the user you need to connect outside of tor, or ask someone to do it for you (for a bitcoin payment of course :P). After that you can use tor to connect.

SMF doesn't support adding exceptions, unfortunately.

I only blocked one exit node (the largest one, blutmagie). It's funny how many people use that one exit node. People complain about Bitcoin being too centralized...

My hope is that BTC adoption will drive Tor use to make it less centralized.

And also educate people that using Tor can be a large security vulnerability in and of itself with exit node packet sniffers, MITM attacks, etc etc

Okay, will just make sure I'm not exiting through it when sending PMs...

P.S.:
From where I am, blutmagie is a fairly decent node, high performance and in a far away jurisdiction.

And apparently this restriction has just been extended to posts as well... I just got a red message blocking me from posting with an "open proxy", a few minutes after having done it successfully. (that made me lose a post that took me a few minutes to write, search for references and all. :( )

I've removed blutmagie from my exit-nodes and it works. (btw, is it possible to remove it only when accessing forum.bitcoin.org?)

Now, I must ask: isn't it too harsh to block posts? I mean, the newbie restriction is already enough to protect other boards... I don't see a need to ban Tor, which is used by so many legitimate participants of the bitcoin forum.

It always applied to posts.

Tor changes your exit node every 10 minutes, so you just stumbled onto a banned one. Several are banned, and more will be added as they are abused.

Why?

This is radical... can't such restriction be applied to newbies only? Filter by IP like this will inevitably block legitimate users.

Like I said, SMF doesn't support this. If someone wants to contribute code that would exempt certain membergroups from certain bans, I will use it.

Theymos, what I meant is if the newbies restriction (5 posts + 4 hours) isn't already enough to at least contain the abuse to the Newbies boards? I suppose spammers won't pay the cost of 4 hours logged in just to post one spam... will they?

It would be a pitty if all Tor proxies get banned here...

Yes, if you use Tor you should really not be using any non-https sites, at least not those with user credentials. Luckily this forum supports https.

If they already have your real IP address, why bother with TOR?

Be a little more creative. As I said above, you could for example pay someone to make an account for you.

No answer regarding this? It's getting harder and harder to post... :(

I've also done this, but it does not always work.  Since I have no reason to suspect theymos is fibbing, I guess there must be a high enough correlation between IP's that have been banned due to actual abuse and IP's that are tor-exits or intermittent exits.

I can't really expect the forum not to block IP's that are repeat abusers so I don't have any brilliant ideas.

__
-?

...

lol, just kidding, whose post do you think you are reading?  Of course I have a brilliant idea ;)

If you have root, there is a fairly clean, surgical solution to this problem.  Instead of banning the IP's in the forum software, ban them in iptables (or in whatever network-level tcp filtering is available in the server's operating-system).

This way, tor will discover the blockage and route to an exit node that works*.  Even if this fails, at least the connection will appear to time out or fail.  This is vastly preferable to accepting the user's http request but allowing the forum software to do mean things to the user.  Note that the most annoying thing about being blocked in this way occurs when the user constructs an elaborate post, hits the "post" button, and then has their post rejected by the forum software.  Once the post is blocked, you can't just press the back button to get it back, it's gone.  Worse, even if you were smart enough to save your post to the clipboard, and try to repost, the forum software will still reject your post as a duplicate if you use the back button (presumably because it is using a hidden html form input element to keep track of posts and prevent dupes).

* note: I am making an assumption here.  I briefly tried to find confirmation that tor actually does include some support for learning not to route requests to an exit node whose exit policy permits exit to a certain <address,port> tuple, but which is in fact prevented from successfully connecting by something without tor (i.e.: packet filtering, great firewall of china, mis-configured routing table, etc).  Although I couldn't find a completely solid confirmation of this, I did find some evidence that I'm right.  Given the goals of the tor project I really hope my assumption is correct but I admit I'm not sure.

Better yet, just stop blocking blutmagie!  What is the point of blocking one tor exits and not all!?  You just make access easy for the bad guys and difficult for the good guys!!

Tor recreates its circuits every 10 minutes or so. (Unless they're being held open by a long-running connection, of course.)

Connect to "Hide my ass" through a tor node :P